
2514 matches found

CVE
added 2019/07/19 1:51 p.m. | 50 views

CVE-2019-11552

Code42 Enterprise and CrashPlan for Small Business Client versions 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 are affected by an eval injection vulnerability. A proxy auto-configuration (PAC) file, crafted by a user with lower privileges, may be used to execute arbitrary code with t...

CVSS 7 | AI score 7.3 | EPSS 0.00545
Exploits 1 | References 2 | Affected Software 1
NVD
added 2019/07/01 6:15 p.m. | 7 views

CVE-2019-12826

A Cross-Site-Request-Forgery (CSRF) vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

CVSS 8.8 | AI score 9 | EPSS 0.0111
Exploits 1 | References 4
Node.js
added 2019/06/25 7:33 p.m. | 11 views

Sandbox Breakout / Arbitrary Code Execution

Overview: Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating the string console.constructor.constructor'return process'.env prints...

AI score 7.9
Exploits 0 | Affected Software 1
PyPA
added 2019/06/06 7:29 p.m. | 6 views

PYSEC-2019-199

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVSS 7.5 | AI score 7.5 | EPSS 0.02105
Exploits 1 | References 4 | Affected Software 1
OSV
added 2019/06/06 7:29 p.m. | 2 views

DEBIAN-CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVSS 7.5 | AI score 7.5 | EPSS 0.02105
Exploits 1 | References 1
OSV
added 2019/06/06 7:29 p.m. | 0 views

UBUNTU-CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVSS 7.5 | AI score 7.3 | EPSS 0.02105
Exploits 1 | References 5
RedhatCVE
added 2019/05/14 11:54 a.m. | 23 views

CVE-2018-20190

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...

CVSS 6.5 | AI score 3.1 | EPSS 0.02587
Exploits 1 | References 1
Veracode
added 2019/05/02 4:42 a.m. | 27 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

CVSS 10 | AI score 9.6 | EPSS 0.07762
Exploits 2 | References 15 | Affected Software 3
myhack58
added 2019/04/10 12:0 a.m. | 208 views

SSJI-to Node.js vulnerability audit of the series a-vulnerability warning-the black bar safety net

Hello, I was in control of the security laboratory of the Whispering Wind. JavaScript, with the help of Node.js, turned into a server-side scripting language, so since it is a server-side scripting language, there may be some security issues. SSJI (server side JavaScript injection) is a...

AI score 7.1
Exploits 0
RedhatCVE
added 2019/04/09 1:50 p.m. | 40 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVSS 10 | AI score 6.5 | EPSS 0.04923
Exploits 1 | References 2
NVD
added 2019/04/09 5:29 a.m. | 24 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

CVSS 8.8 | AI score 8.7 | EPSS 0.03296
Exploits 1 | References 1
Prion
added 2019/04/09 5:29 a.m. | 15 views

Design/Logic Flaw

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

CVSS 6.5 | AI score 8.6 | EPSS 0.03296
Exploits 1 | References 1 | Affected Software 1
OSV
added 2019/04/09 5:29 a.m. | 3 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

CVSS 8.8 | AI score 7.6 | EPSS 0.03296
Exploits 1 | References 1
CVE
added 2019/04/09 5:0 a.m. | 50 views

CVE-2019-10633

CVE-2019-10633 affects Zyxel NAS326 (firmware 5.21 and earlier). It is an eval injection vulnerability in the Python web server routing, enabling a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. Root cause is eval-based handling in the routin...

CVSS 8.8 | AI score 8.6 | EPSS 0.03296
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/04/09 5:0 a.m. | 29 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

AI score 8.7 | EPSS 0.03296
Exploits 1 | References 1
CNVD
added 2019/04/09 12:0 a.m. | 4 views

Zyxel NAS 326 eval injection vulnerability

Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. An eval injection vulnerability exists in the Python web server routing in Zyxel NAS 326 5.21 and earlier versions. A remote authenticated attacker can exploit this vulnerability to execute arbitrary code via the...

CVSS 8.8 | AI score 8.1 | EPSS 0.03296
Exploits 1 | References 1
OSV
added 2019/04/04 4:28 p.m. | 18 views

GHSA-VQQV-V9M2-48P2 Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVSS 9.8 | AI score 9.8 | EPSS 0.04923
Exploits 1 | References 6
Github Security Blog
added 2019/04/04 4:28 p.m. | 34 views

Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVSS 10 | AI score 9.7 | EPSS 0.04923
Exploits 1 | References 6 | Affected Software 1
Prion
added 2019/04/04 4:29 a.m. | 15 views

Code injection

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVSS 10 | AI score 9.8 | EPSS 0.04923
Exploits 1 | References 4 | Affected Software 1
UbuntuCve
added 2019/04/04 4:29 a.m. | 26 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVSS 10 | AI score 7.6 | EPSS 0.04923
Exploits 1 | References 4