
2514 matches found

OSV
added 2019/10/21 9:58 p.m., 24 views

GHSA-R3X4-WR4H-PW33 Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating the string console.constructor.constructor'return process'.env prints process.e...

9.9 CVSS, 10 AI score, 0.01787 EPSS
Exploits 1, References 3

Exploit DB
added 2019/10/18 12:0 a.m., 2330 views

Joomla! 3.4.6 - Remote Code Execution

Exploit Title: Joomla! 3.4.6 - Remote Code Execution; Google Dork: N/A; Date: 2019-10-02; Exploit Author: Alessandro Groppo; Vendor Homepage: https://www.joomla.it/; Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6; Version: 3.0.0 -- 3.4.6; Tested on: Linux; CVE: N/A; Technical details:...

7.4 AI score
Exploits 0

Node.js
added 2019/10/17 8:17 p.m., 17 views

Sandbox Breakout / Arbitrary Code Execution

Overview: All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow an attacker to execute arbitrary code in the system. Recommendation: The package is not...

8.1 AI score
Exploits 0, Affected Software 1

vulnersOsv
added 2019/10/17 6:27 p.m., 6 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted:
- @pl-test/c =1.1.0, =1.1.1
- @pl-test/e =1.1.0
Source CVEs: CVE-2019-10760
Source advisory: OSV:GHSA-HGCH-JJMR-GP7W...

9.9 CVSS, 7.2 AI score, 0.02852 EPSS
Exploits 0

OSV
added 2019/10/17 6:27 p.m., 17 views

GHSA-HGCH-JJMR-GP7W Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation: Upgrade to version 1.3.2...

9.9 CVSS, 10 AI score, 0.02852 EPSS
Exploits 0, References 4

Github Security Blog
added 2019/10/17 6:27 p.m., 36 views

Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation: Upgrade to version 1.3.2...

9.9 CVSS, 5.6 AI score, 0.02852 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2019/10/16 12:15 p.m., 2 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 7.9 AI score, 0.10231 EPSS
Exploits 1, References 4

Cvelist
added 2019/10/16 11:29 a.m., 22 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 AI score, 0.10231 EPSS
Exploits 1, References 14

Vulnrichment
added 2019/10/16 11:29 a.m., 13 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

7.8 AI score, 0.10231 EPSS
Exploits 1, References 14

Veracode
added 2019/10/16 4:37 a.m., 17 views

Prototype Pollution

safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...

9.9 CVSS, 4.5 AI score, 0.01787 EPSS
Exploits 1, References 1, Affected Software 1

CNVD
added 2019/10/16 12:0 a.m., 2 views

safer-eval code injection vulnerability

safer-eval is a security evaluation module that runs in node and browsers. A code injection vulnerability exists in versions prior to safer-eval 1.3.2, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the constructio...

9.9 CVSS, 7.6 AI score, 0.02852 EPSS
Exploits 0, References 1

OSV
added 2019/10/15 11:15 p.m., 2 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

9.8 CVSS, 7.8 AI score
Exploits 0, References 1

CVE
added 2019/10/15 10:56 p.m., 60 views

CVE-2019-17613

CVE-2019-17613 affects qibosoft 7. The vulnerability is due to do/jf.php performing eval on input, enabling remote code execution. An attacker can leverage the Point Introduction Management feature to inject PHP code to be evaluated, or exploit CSRF via admin/index.php?lfj=jfadmin&action=addjf (p...

9.8 CVSS, 9.6 AI score, 0.02857 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2019/10/15 3:15 p.m., 27 views

CVE-2019-10760

safer-eval versions before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

9.9 CVSS, 9.8 AI score, 0.02852 EPSS
Exploits 0, References 1

NVD
added 2019/10/15 3:15 p.m., 31 views

CVE-2019-10759

safer-eval versions before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

9.9 CVSS, 9.8 AI score, 0.01787 EPSS
Exploits 1, References 1

OSV
added 2019/10/15 3:15 p.m., 25 views

CVE-2019-10760

safer-eval versions before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

9.9 CVSS, 10 AI score
Exploits 0, References 1

Prion
added 2019/10/15 3:15 p.m., 14 views

Code injection

safer-eval versions before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

6.5 CVSS, 9.8 AI score, 0.01787 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2019/10/15 3:15 p.m., 16 views

Code injection

safer-eval versions before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

6.5 CVSS, 9.8 AI score, 0.02852 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/15 2:53 p.m., 36 views

CVE-2019-10760

safer-eval versions before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

9.9 AI score, 0.02852 EPSS
Exploits 0, References 1

CVE
added 2019/10/15 2:53 p.m., 73 views

CVE-2019-10760

Safer-eval prior to 1.3.2 is vulnerable to sandbox escape via constructor properties, enabling arbitrary code execution. Affected component: safer-eval (

9.9 CVSS, 9.8 AI score, 0.02852 EPSS
Exploits 0, References 1, Affected Software 1