2514 matches found

CVE
added 2018/04/13 5:00 a.m. | 46 views

CVE-2018-10086

CMS Made Simple (CMSMS) up to version 2.2.7 has an arbitrary code execution vulnerability in the admin dashboard. The root cause is the use of eval('function testfunction'.rand()) which can bypass certain restrictions on these testfunction functions. Affected product: CMSMS. The issue is document...

7.2 CVSS | 7.3 AI score | 0.01953 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2018/04/11 5:29 a.m. | 0 views

UBUNTU-CVE-2018-10016

Netwide Assembler NASM 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file...

5.5 CVSS | 7.1 AI score | 0.01093 EPSS
Exploits 1 | References 2
CNVD
added 2018/04/11 12:00 a.m. | 3 views

Netwide Assembler Divide-by-Zero Vulnerability

Netwide Assembler NASM is a portable, modular 80x86 and x86-64 assembler. A divide-by-zero vulnerability exists in the expr5 function in asm/eval.c in Netwide Assembler NASM 2.14rc0. An attacker can exploit this vulnerability via a malformed input file to cause a divide-by-zero error...

5.5 CVSS | 6.9 AI score | 0.01093 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2018/03/18 6:29 a.m. | 2 views

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

7.2 CVSS | 6.5 AI score | 0.03394 EPSS
Exploits 1 | References 3
OSV
added 2018/03/18 6:29 a.m. | 4 views

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

7.2 CVSS | 6.3 AI score | 0.03394 EPSS
Exploits 1 | References 2
Cvelist
added 2018/03/18 6:00 a.m. | 25 views

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

7.6 AI score | 0.03394 EPSS
Exploits 1 | References 2
CVE
added 2018/03/18 6:00 a.m. | 51 views

CVE-2018-8756

YzmCMS v3.7.1 is affected by CVE-2018-8756 due to an eval injection in yzmphp/core/function/global.func.php. The vulnerability allows remote code execution via PHP code supplied in the POST data of the request index.php?m=member&c=member_content&a=init. The connected CNVD/CNVD-derived records cor...

7.2 CVSS | 7.5 AI score | 0.03394 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2018/03/13 3:29 p.m. | 21 views

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains an Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

8.8 CVSS | 9.1 AI score
Exploits 0 | References 1
NVD
added 2018/03/13 3:29 p.m. | 27 views

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains an Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

8.8 CVSS | 8.8 AI score | 0.02441 EPSS
Exploits 0 | References 1
Prion
added 2018/03/13 3:29 p.m. | 16 views

Design/Logic Flaw

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains an Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

6.8 CVSS | 8.8 AI score | 0.02441 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2018/03/13 3:00 p.m. | 43 views

CVE-2018-1000070

CVE-2018-1000070 relates to Bitmessage PyBitmessage. The connected CNVD/CNVD-2018-07896 and CNVD-derived entries confirm a vulnerability in the file src/messagetypes/init.py, in the function constructObject, within PyBitmessage v0.6.2 and later (introduced around commit 8ce72d8d...), that enable...

8.8 CVSS | 8.8 AI score | 0.02441 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/03/13 3:00 p.m. | 36 views

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains an Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

8.9 AI score | 0.02441 EPSS
Exploits 0 | References 1
ThreatPost
added 2018/02/27 2:52 p.m. | 10 views

WordPress Users Warned of Malware Masquerading as ionCube Files

Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware. In the...

7.5 AI score
Exploits 0 | References 1
Exploit DB
added 2017/12/19 12:00 a.m. | 58 views

Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...

8.8 CVSS | 7.4 AI score | 0.66632 EPSS
Exploits 6
Tenable Nessus
added 2017/11/20 12:00 a.m. | 110 views

GLSA-201711-15 : PHPUnit: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201711-15 PHPUnit: Remote code execution When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php file in PHPUnit contains vulnerable statements tha...

9.8 CVSS | 8.6 AI score | 0.99999 EPSS
Exploits 19 | References 2
Metasploit
added 2017/11/01 3:09 p.m. | 29 views

Tuleap 9.6 Second-Order PHP Object Injection

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to execute...

8.8 CVSS | 7.8 AI score | 0.66632 EPSS
Exploits 6
OSV
added 2017/10/24 6:33 p.m. | 1 views

GHSA-5J3G-JFQ3-7JWX Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation: Update to bassmaster version 1.5.2 or greater...

10 CVSS | 7.3 AI score | 0.78582 EPSS
Exploits 6 | References 9
Node.js
added 2017/10/17 11:19 p.m. | 181 views

Sandbox Breakout / Arbitrary Code Execution

Overview Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept var evaluate = require'static-eval'; var parse =...

7.5 CVSS | 4.8 AI score | 0.03596 EPSS
Exploits 1 | Affected Software 1
Prion
added 2017/10/17 4:29 p.m. | 9 views

Sql injection

Eval injection vulnerability in the fmsaveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors...

7.5 CVSS | 8.6 AI score | 0.05972 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2017/10/17 4:00 p.m. | 43 views

CVE-2015-7806

The CVE-2015-7806 issue affects the WordPress Form Manager plugin (prior to 1.7.3). The vulnerability is in the fm_saveHelperGatherItems function of ajax.php, enabling remote code execution via unspecified vectors. Multiple sources confirm RCE potential, including CNVD and WPVulnDB entries noting...

9.8 CVSS | 9.6 AI score | 0.05972 EPSS
Exploits 1 | References 3 | Affected Software 1