2514 matches found

OSV, added 2018/07/23 4:29 p.m., 2 views

DEBIAN-CVE-2018-1999022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method, that can...

CVSS 9.8 | AI score 7.4 | EPSS 0.02209
Exploits 0 | References 1
OSV, added 2018/07/23 4:29 p.m., 2 views

UBUNTU-CVE-2018-1999022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method, that can...

CVSS 9.8 | AI score 7.5 | EPSS 0.02209
Exploits 0 | References 4
Cvelist, added 2018/07/23 4:00 p.m., 33 views

CVE-2018-1999022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method, that can...

AI score 9.7 | EPSS 0.02209
Exploits 0 | References 2
CVE, added 2018/07/23 4:00 p.m., 58 views

CVE-2018-1999022

The CVE-2018-1999022 entry concerns PEAR HTML_QuickForm version 3.2.14, where an eval injection vulnerability exists in multiple methods (getSubmitValue, validate, hierselect's _setOptions, element's _findValue, element's _prepareValue). The described exploit could lead to information disclosure, data ...

CVSS 9.8 | AI score 9.5 | EPSS 0.02209
Exploits 0 | References 2 | Affected Software 1
Veracode, added 2018/07/19 1:36 a.m., 13 views

Remote Code Execution (RCE)

YARD is affected by a remote code execution vulnerability. This is due to the usage of eval to parse and evaluate defined? blocks for complex expressions, which allows arbitrary execution of code...

AI score 7.8
Exploits 0
vulnersOsv, added 2018/07/18 6:28 p.m., 6 views

@ajaxlinux/tools (>=1.1.2 <=1.1.7), @autorest/powershell (>=2.0.295 <=2.0.315) +239 more potentially affected by CVE-2017-16088 via safe-eval (>=0.2.0 <=0.3.0)

safe-eval NPM versions =0.2.0, =1.1.2, =2.0.295, =2.0.4, =2.0.142, =3.0.136, =3.0.142, =4.0.149, =3.0.129, =1.2.9, =1.1.4, =0.0.34, =0.1.0 and more. Source CVEs: CVE-2017-16088. Source advisory: OSV:GHSA-WW6V-677G-P656...

CVSS 10 | AI score 7.3 | EPSS 0.03494
Exploits 0
Github Security Blog, added 2018/07/18 6:28 p.m., 57 views

Sandbox Breakout in safe-eval

Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Proof of Concept: this code accesses the process object and calls .exit: var safeEval =...

CVSS 10 | AI score 9 | EPSS 0.03494
Exploits 0 | References 6 | Affected Software 1
OSV, added 2018/07/18 6:28 p.m., 3 views

GHSA-WW6V-677G-P656 Sandbox Breakout in safe-eval

Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Proof of Concept: this code accesses the process object and calls .exit: var safeEval =...

CVSS 10 | AI score 5.9 | EPSS 0.03494
Exploits 0 | References 6
OSV, added 2018/07/13 8:29 p.m., 4 views

CVE-2016-6558

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...

CVSS 9.8 | AI score 5.9 | EPSS 0.03548
Exploits 0 | References 2
Veracode, added 2018/07/06 7:22 a.m., 19 views

Cross-site Scripting (XSS)

angular-redactor is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of user input that is used in an eval call...

CVSS 6.1 | AI score 5.7 | EPSS 0.00937
Exploits 1 | References 2 | Affected Software 1
seebug.org, added 2018/06/14 12:00 a.m., 76 views

Code Injection in Moodle

Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical...

AI score 0.3
Exploits 0
Veracode, added 2018/06/07 1:24 p.m., 37 views

Remote Code Execution (RCE)

safe-eval is vulnerable to remote code execution (RCE). The application does not properly sanitize user input in object constructors, allowing a malicious user to break out of the sandbox and execute arbitrary commands...

CVSS 10 | AI score 9.7 | EPSS 0.03494
Exploits 0 | References 3 | Affected Software 1
OSV, added 2018/06/07 2:29 a.m., 21 views

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global Function constructor, effectively allowing arbitrary code execution...

CVSS 9.8 | AI score 9.8
Exploits 0 | References 3
NVD, added 2018/06/07 2:29 a.m., 26 views

CVE-2017-16088

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...

CVSS 10 | AI score 9.4 | EPSS 0.03494
Exploits 0 | References 3
OSV, added 2018/06/07 2:29 a.m., 19 views

CVE-2017-16088

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...

CVSS 10 | AI score 9.6
Exploits 0 | References 3
Prion, added 2018/06/07 2:29 a.m., 21 views

Improper access control

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...

CVSS 10 | AI score 9.4 | EPSS 0.03494
Exploits 0 | References 3 | Affected Software 1
Prion, added 2018/06/07 2:29 a.m., 14 views

Code injection

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global Function constructor, effectively allowing arbitrary code execution...

CVSS 7.5 | AI score 9.7 | EPSS 0.03596
Exploits 1 | References 3 | Affected Software 1
Cvelist, added 2018/06/07 2:00 a.m., 32 views

CVE-2017-16088

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...

AI score 9.5 | EPSS 0.03494
Exploits 0 | References 3
CVE, added 2018/06/07 2:00 a.m., 59 views

CVE-2017-16226

The CVE-2017-16226 issue affects the static-eval module where untrusted input can access the global Function constructor, enabling arbitrary code execution. Exploitation details are present in multiple connected sources (e.g., npm advisory 548 and OSS/GHSA entries) showing that affected versions ...

CVSS 9.8 | AI score 9.6 | EPSS 0.03596
Exploits 1 | References 3 | Affected Software 1
Cvelist, added 2018/06/07 2:00 a.m., 32 views

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global Function constructor, effectively allowing arbitrary code execution...

AI score 9.7 | EPSS 0.03596
Exploits 1 | References 3