Lucene search
K

2552 matches found

Prion
Prion
added 2019/03/21 4:0 p.m.16 views

Authentication flaw

In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval...

7.5CVSS9.7AI score0.04929EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/21 12:0 a.m.33 views

Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update

Malicious eval is being inserted into the wpoptions table, in the optionname: socialwafaresettings, in the Twitter field. When the plugin is active, it causes the site to issue a JavaScript redirect to porn sites. Deactivating the plugin disables the redirect, but the malicious eval is still in t...

4.3CVSS0.4AI score0.73543EPSS
Exploits20References5Affected Software1
Veracode
Veracode
added 2019/03/18 6:47 a.m.14 views

Prototype Pollution

safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...

9.9CVSS9.4AI score0.02852EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/03/17 10:6 p.m.54 views

CVE-2018-19514

CVE-2018-19514 affects Webgalamb up to version 7.0 and enables remote arbitrary code execution. An authentication bypass is required to access admin features to upload a crafted CSV payload that becomes part of a PHP eval() expression in subscriber.php. The connected records corroborate this desc...

9.8CVSS9.7AI score0.04929EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/03/17 10:6 p.m.26 views

CVE-2018-19514

In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval...

9.8AI score0.04929EPSS
Exploits2References2
Node.js
Node.js
added 2019/03/08 2:31 p.m.13 views

Sandbox Breakout / Arbitrary Code Execution

Overview Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation Upgrade to version 1.3.2. References GitHub Advisory...

7.9AI score
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2019/03/08 11:0 a.m.6 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10760 Source advisory: SNYK:JS-SAFEREVAL-473029...

9.9CVSS7.2AI score0.02852EPSS
Exploits0
Snyk
Snyk
added 2019/03/08 11:0 a.m.4 views

Arbitrary Code Execution

Overview safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Remediation Upgrade safer-eval to version 1.3.2 or higher...

9.9CVSS7.5AI score0.02852EPSS
Exploits0References3
NVD
NVD
added 2019/02/25 4:29 a.m.18 views

CVE-2019-9115

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...

9.8CVSS9.7AI score0.02332EPSS
Exploits0References1
OSV
OSV
added 2019/02/25 4:29 a.m.23 views

CVE-2019-9115

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...

9.8CVSS7.5AI score
Exploits0References1
Prion
Prion
added 2019/02/25 4:29 a.m.17 views

Code injection

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...

7.5CVSS9.7AI score0.02332EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/02/25 4:0 a.m.26 views

CVE-2019-9115

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...

9.8AI score0.02332EPSS
Exploits0References1
CVE
CVE
added 2019/02/25 4:0 a.m.53 views

CVE-2019-9115

irisnet-crypto before 1.1.7 for IRISnet contains unsafe eval usage in util/utils.js, enabling remote code execution (RCE). This is confirmed by multiple sources (GHSA-5FH8-X9XC-HXMC, OSV) and aligns with CVE-2019-9115 severity (NVD: high/critical). Mitigation: upgrade to version 1.1.7 or later; n...

9.8CVSS9.7AI score0.02332EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2019/02/15 2:43 a.m.24 views

Arbitrary Code Execution

static-eval is vulnerable to arbitrary code execution. The vulnerability is possible because there is no protection by sandbox isolated process, allowing the user to input malicious code through it...

7.5AI score
Exploits0References3Affected Software1
Prion
Prion
added 2019/02/11 4:29 a.m.20 views

Design/Logic Flaw

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

7.5CVSS9.6AI score0.01717EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/02/11 4:29 a.m.15 views

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

9.8CVSS9.7AI score0.01717EPSS
Exploits1References1
Prion
Prion
added 2019/02/11 4:29 a.m.17 views

Design/Logic Flaw

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

7.5CVSS9.6AI score0.01607EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/11 4:29 a.m.4 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

9.8CVSS5.8AI score0.01607EPSS
Exploits1References1
OSV
OSV
added 2019/02/11 4:29 a.m.4 views

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

9.8CVSS7.4AI score0.01717EPSS
Exploits1References1
NVD
NVD
added 2019/02/11 4:29 a.m.27 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

9.8CVSS9.7AI score0.01607EPSS
Exploits1References1
Rows per page
Query Builder