2514 matches found
CVE-2019-11552
Code42 Enterprise and CrashPlan for Small Business Client versions 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 are affected by an eval injection vulnerability. A proxy auto-configuration (PAC) file, crafted by a user with lower privileges, may be used to execute arbitrary code with t...
CVE-2019-12826
A Cross-Site Request Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a maliciou...
Sandbox Breakout / Arbitrary Code Execution
Overview: Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating the string console.constructor.constructor'return process'.env prints...
PYSEC-2019-199
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...
DEBIAN-CVE-2019-12761
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...
UBUNTU-CVE-2019-12761
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...
CVE-2018-20190
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
SSJI-to Node.js vulnerability audit of the series a-vulnerability warning-the black bar safety net
Hello, I was in control of the security laboratory of the Whispering Wind. JavaScript, with the help of Node.js, turned into a server-side scripting language, so since it is a server-side scripting language, there may be some security issues. SSJI (server-side JavaScript injection) is a...
CVE-2019-10842
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...
Design/Logic Flaw
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...
CVE-2019-10633
CVE-2019-10633 affects Zyxel NAS326 (firmware 5.21 and earlier). It is an eval injection vulnerability in the Python web server routing, enabling a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. Root cause is eval-based handling in the routin...
Zyxel NAS 326 eval injection vulnerability
Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. An eval injection vulnerability exists in the Python web server routing in Zyxel NAS 326 5.21 and earlier versions. A remote authenticated attacker can exploit this vulnerability to execute arbitrary code via the...
GHSA-VQQV-V9M2-48P2 Bootstrap-sass contains code execution backdoor
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
Bootstrap-sass contains code execution backdoor
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
Code injection
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...