Lucene search

2514 matches found

Prion
added 2019/02/11 4:29 a.m. · 16 views

Design/Logic Flaw

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

CVSS 7.5 · AI score 9.6 · EPSS 0.01607
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2019/02/11 4:29 a.m. · 25 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

CVSS 9.8 · AI score 9.7 · EPSS 0.01607
Exploits: 1 · References: 1
CVE
added 2019/02/11 3:0 a.m. · 41 views

CVE-2019-7719

Nibbleblog 4.0.5 is affected by CVE-2019-7719 via an eval injection flaw. The vulnerability occurs when PHP code is placed in the install.php username parameter and a subsequent request to content/private/shadow.php is made, enabling arbitrary PHP evaluation on the server. The NVD entry lists a h...

CVSS 9.8 · AI score 9.6 · EPSS 0.01717
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2019/02/11 3:0 a.m. · 48 views

CVE-2019-7720

The CVE-2019-7720 entry applies to TaoCMS, describing an eval-injection flaw in which PHP code can be placed in the install.php db_name parameter and then triggered via a config.php request. Red Hat and other sources corroborate the same issue, indicating the root cause is eval injection leading ...

CVSS 9.8 · AI score 9.6 · EPSS 0.01607
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2019/02/11 12:0 a.m. · 14 views

TaoCMS code injection vulnerability

TaoCMS is an ultra-small PHP CMS based on SQLite/MySQL. TaoCMS is vulnerable to code injection, which can be exploited by placing PHP code in the install.php dbname parameter and then issuing a config.php request to perform eval injection...

CVSS 9.8 · AI score 2 · EPSS 0.01607
Exploits: 1 · References: 1
Veracode
added 2019/01/15 9:2 a.m. · 15 views

Remote Code Execution (RCE)

luci is vulnerable to remote code execution (RCE) attacks. An eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

CVSS 6 · AI score 7.5 · EPSS 0.01363
Exploits: 0 · References: 12 · Affected Software: 1
OSV
added 2019/01/15 12:29 a.m. · 3 views

DEBIAN-CVE-2019-6290

An infinite recursion issue was discovered in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '' characters. Remote attackers could leverage...

CVSS 5.5 · AI score 6.8 · EPSS 0.01261
Exploits: 1 · References: 1
OSV
added 2019/01/15 12:29 a.m. · 3 views

UBUNTU-CVE-2019-6290

An infinite recursion issue was discovered in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '' characters. Remote attackers could leverage...

CVSS 5.5 · AI score 6.4 · EPSS 0.01261
Exploits: 1 · References: 2
Node.js
added 2019/01/03 7:44 p.m. · 20 views

Sandbox Breakout / Arbitrary Code Execution

Overview: Versions of static-eval prior to 2.0.2 pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept: var evaluate = require('static-eval'); var parse =...

AI score 7.8
Exploits: 0 · Affected Software: 1
OSV
added 2018/12/17 8:29 p.m. · 3 views

UBUNTU-CVE-2018-20190

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...

CVSS 6.5 · AI score 6.9 · EPSS 0.02587
Exploits: 1 · References: 4
Debian CVE
added 2018/12/17 8:0 p.m. · 17 views

CVE-2018-20190

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...

CVSS 6.5 · AI score 7.7 · EPSS 0.02587
Exploits: 1
OSV
added 2018/12/04 9:29 a.m. · 1 views

UBUNTU-CVE-2018-19837

In LibSass prior to 3.5.5, Sass::Eval::operatorSass::BinaryExpression inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp...

CVSS 6.5 · AI score 7.3 · EPSS 0.01807
Exploits: 1 · References: 3
CNVD
added 2018/12/04 12:0 a.m. · 3 views

LibSass Denial of Service Vulnerability (CNVD-2019-06788)

LibSass is an open-source parser for the Sass CSS extension language, written in C. A security vulnerability exists in the 'Sass::Eval::operator' function of the eval.cpp file in LibSass versions prior to 3.5.5, which stems from the program failing to properly parse the '%' character. The...

CVSS 6.5 · AI score 9.1 · EPSS 0.01807
Exploits: 1 · References: 1
Prion
added 2018/11/27 7:29 a.m. · 21 views

Code injection

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...

CVSS 7.5 · AI score 9.8 · EPSS 0.03858
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2018/11/27 7:29 a.m. · 4 views

CVE-2018-19595

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...

CVSS 9.8 · AI score 6.1 · EPSS 0.03858
Exploits: 1 · References: 3
Positive Technologies
added 2018/11/20 12:0 a.m. · 3 views

PT-2018-3063 · D Link · D-Link Central Wifi Manager Cwm

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager CWM100 versions prior to v1.03R0100 BETA6 Description: The issue is related to a flaw in the authentication procedure of the D-Link Central WiFi Manager CWM100. This flaw allows remote attackers to execute arbitrar...

CVSS 10 · AI score 10 · EPSS 0.80682
Exploits: 4 · References: 9
CNVD
added 2018/11/14 12:0 a.m. · 2 views

Unspecified Vulnerability in LibSass (CNVD-2019-40138)

LibSass is an open-source parser for the Sass CSS extension language, written in C. A security vulnerability exists in the 'Sass::Eval::operator' function in LibSass version 3.5-stable. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 6.5 · AI score 6.8 · EPSS 0.01053
Exploits: 1 · References: 1
OSV
added 2018/11/12 7:29 p.m. · 2 views

UBUNTU-CVE-2018-19219

In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack...

CVSS 6.5 · AI score 5.8 · EPSS 0.01053
Exploits: 1 · References: 2
OSV
added 2018/10/15 6:29 a.m. · 4 views

CVE-2018-18319

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed on...

CVSS 9.8 · AI score 6.5 · EPSS 0.05434
Exploits: 1 · References: 2
Positive Technologies
added 2018/10/15 12:0 a.m. · 4 views

PT-2018-14403 · Asuswrt Merlin · Merlin.Php

Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...

CVSS 9.8 · AI score 10 · EPSS 0.05434
Exploits: 1 · References: 4