2514 matches found
GHSA-R3X4-WR4H-PW33 Sandbox Breakout / Arbitrary Code Execution in safer-eval
Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating he string console.constructor.constructor'return process'.env prints process.e...
Joomla! 3.4.6 - Remote Code Execution
Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A Technical details:...
Sandbox Breakout / Arbitrary Code Execution
Overview All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow attacker to execute arbitrary code in the system. Recommendation The package is not...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)
safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10760 Source advisory: OSV:GHSA-HGCH-JJMR-GP7W...
GHSA-HGCH-JJMR-GP7W Sandbox Breakout / Arbitrary Code Execution in safer-eval
Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation Upgrade to version 1.3.2...
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation Upgrade to version 1.3.2...
UBUNTU-CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
Prototype Pollution
safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...
safer-eval code injection vulnerability
safer-eval is a security evaluation module that runs in node and browsers. A code injection vulnerability exists in versions prior to safer-eval 1.3.2, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the constructio...
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17613
CVE-2019-17613 affects qibosoft 7. The vulnerability is due to do/jf.php performing eval on input, enabling remote code execution. An attacker can leverage the Point Introduction Management feature to inject PHP code to be evaluated, or exploit CSRF via admin/index.php?lfj=jfadmin&action=addjf (p...
CVE-2019-10760
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10759
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
Code injection
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
Code injection
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
Safer-eval prior to 1.3.2 is vulnerable to sandbox escape via constructor properties, enabling arbitrary code execution. Affected component: safer-eval (