
CNVD
added 2017/06/30 12:00 a.m.

PHPUnit RCE Vulnerability

PHPUnit is a PHP testing framework. A security vulnerability exists in the Util/PHP/eval-stdin.php file in PHPUnit versions prior to 4.8.28 and 5.x versions prior to 5.6.3. A remote attacker can exploit this vulnerability by sending HTTP POST data beginning with the string '<?php' t...

CVSS 9.8 | AI score 7.5 | EPSS 0.99999
Exploits: 19 | References: 1
Veracode
added 2017/06/28 1:33 a.m.

Remote Code Execution (RCE)

phpunit is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary PHP code by prefixing it with the <?php tag and sending it in a POST request to the eval-stdin.php file on the system...

CVSS 9.8 | AI score 9.9 | EPSS 0.99999
Exploits: 19 | References: 11 | Affected software: 1
Prion
added 2017/06/27 5:29 p.m.

Code injection

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 7.5 | AI score 7.9 | EPSS 0.99999
Exploits: 19 | References: 7 | Affected software: 2
OSV
added 2017/06/27 5:29 p.m.

UBUNTU-CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 9.8 | AI score 7.4 | EPSS 0.99999
Exploits: 19 | References: 7
CNVD
added 2017/06/27 12:00 a.m.

E2open Device OpenWebif Plugin Arbitrary Code Execution Vulnerability

OpenWebif is a web interface plugin for E2open devices from E2open, Inc. A security vulnerability exists in OpenWebif plugin versions prior to 1.2.4; it originates in the 'saveConfig' function in...

CVSS 10 | AI score 7.8 | EPSS 0.04923
Exploits: 3 | References: 1
Veracode
added 2017/05/02 9:37 a.m.

Remote Code Execution (RCE)

kmc is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 9:23 a.m.

Remote Code Execution (RCE)

mongo-edit is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 9:04 a.m.

Remote Code Execution (RCE)

mongui is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 8:27 a.m.

Remote Code Execution (RCE)

mongoosify is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 8:14 a.m.

Remote Code Execution (RCE)

nameless-cli is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 7:12 a.m.

Remote Code Execution (RCE)

nd-validator is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 7:01 a.m.

Remote Code Execution (RCE)

m2m-supervisor is vulnerable to remote code execution (RCE): user input is passed to the eval function without sanitization, so a malicious user can inject and execute arbitrary code...

AI score 8.2
Exploits: 0
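The seven Veracode entries above (kmc, mongo-edit, mongui, mongoosify, nameless-cli, nd-validator, m2m-supervisor) all describe one pattern: a string from the caller reaches eval() unsanitized. The following is an added example, not code from any of those packages, that shows the pattern beside the fix a reviewer would ask for. It assumes the package uses eval() to turn a caller-supplied query or config string into an object, which the advisories do not spell out; the payload only sets a global marker so the effect is observable without spawning anything.

```javascript
// Added example, not code from kmc, mongo-edit, mongui, mongoosify, nameless-cli,
// nd-validator or m2m-supervisor. Assumed shape of the bug: a caller-supplied
// string is eval()'d to obtain an options/query object.

// Vulnerable: eval() executes arbitrary JavaScript in the host process. Anything
// the caller can put in the string runs with the package's privileges; a real
// payload would do require('child_process').execSync(...) instead of a marker.
function parseQueryUnsafe(input) {
  return eval('(' + input + ')');
}

// Constructed attacker input: a comma expression that runs code, then still
// yields a plausible-looking object so the caller notices nothing.
const PAYLOAD = '(globalThis.__pwned = "rce", { ok: true })';

function unsafeRunsAttackerCode() {
  delete globalThis.__pwned;
  const result = parseQueryUnsafe(PAYLOAD);
  return result.ok === true && globalThis.__pwned === 'rce';
}

// Fixed: JSON.parse produces data only and cannot execute code. The extra checks
// close the usual follow-on problems once eval is gone: non-object inputs and
// keys that would let the caller poison prototypes further down the line.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function parseQuerySafe(input) {
  const value = JSON.parse(input);
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new TypeError('query must be a JSON object');
  }
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError('forbidden key: ' + key);
  }
  return value;
}

function safeRejectsAttackerCode() {
  delete globalThis.__pwned;
  try {
    parseQuerySafe(PAYLOAD);
    return false;
  } catch (e) {
    // Valid JSON cannot contain code, so the payload fails to parse at all.
    return e instanceof SyntaxError && globalThis.__pwned === undefined;
  }
}
```

If the input genuinely has to be an expression (a filter or a formula rather than data), JSON.parse is not enough; the answer is then a purpose-built parser for that grammar, not a "safer" eval.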
Node.js
added 2017/04/19 11:29 p.m.

Sandbox Breakout

Overview: Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, unsanitized user input can reach the entire standard library and effectively break out of the sandbox. Proof of concept: this code accesses the process object and calls .exit: var safeEv...

CVSS 10 | AI score 3.3 | EPSS 0.03494
Exploits: 0 | Affected software: 1
Veracode
added 2017/04/17 1:58 a.m.

Command Execution Through Collection Name

summit is vulnerable to command execution. An unsafe eval in summit allows an attacker to execute arbitrary commands through a malicious collection name. This only happens when using the PouchDB driver...

CVSS 9.8 | AI score 9.6 | EPSS 0.02497
Exploits: 0 | References: 2 | Affected software: 1
Veracode
added 2017/04/03 9:23 a.m.

Remote Code Execution (RCE)

MathJS is vulnerable to remote code execution (RCE) attacks. These attacks are possible through its eval function...

AI score 7.8
Exploits: 0
Veracode
added 2017/04/03 9:06 a.m.

Remote Code Execution (RCE)

MathJS is vulnerable to remote code execution (RCE) attacks. These attacks are possible through its eval function...

AI score 7.8
Exploits: 0
Veracode
added 2017/03/17 3:24 a.m.

Remote Code Execution (RCE) Through Eval

heist is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because the eval path for strings reaches Kernel.eval and allows string interpolation, which can lead to a sandbox escape and remote code execution. The following code illustrates the RCE...

AI score 7.9
Exploits: 0
NVD
added 2017/03/15 3:59 p.m.

CVE-2017-5359

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI...

CVSS 7.5 | AI score 7.6 | EPSS 0.07365
Exploits: 6 | References: 6
CVE
added 2017/03/15 3:00 p.m.

CVE-2017-5359

Affected product: EasyCom SQL iPlug. Vulnerability: denial of service via the D$EVAL parameter to the default URI, allowing remote attackers to exhaust the service. The issue is demonstrated by public PoCs/exploits that target port 7078 and send oversized payloads, as reported across multipl...

CVSS 7.5 | AI score 7.5 | EPSS 0.07365
Exploits: 6 | References: 6 | Affected software: 1
seebug.org
added 2017/03/06 12:00 a.m.

seacms search.php code execution vulnerability

Snippet quoted by the advisory. Extraction stripped its parentheses, braces, brackets and underscores, which are restored here; the loop header and first loop statements, lost between the `<` of the loop condition and the `>` of `$this->`, are reconstructed from the identifiers that survived, and the snippet is truncated where the advisory text is.

```php
function parseIf($content)
{
    if (strpos($content, '{if:') === false) {
        return $content;
    } else {
        $labelRule  = buildregx("{if:(.*?)}(.*?){end if}", "is");
        $labelRule2 = "{elseif";
        $labelRule3 = "{else}";
        preg_match_all($labelRule, $content, $iar);
        $arlen = count($iar[0]);
        $elseIfFlag = false;
        // loop header and the two assignments below reconstructed (see note above)
        for ($m = 0; $m < $arlen; $m++) {
            $strIf = $iar[1][$m];
            $strIf = $this->parseStrIf($strIf);
            $strThen = $iar[2][$m];
            ...
```

AI score 7.3
Exploits: 0