2514 matches found

NVD
added 2016/07/03 1:59 a.m. | 25 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8 CVSS | 9.7 AI score | 0.81373 EPSS
Exploits 8 | References 6
UbuntuCve
added 2016/07/03 1:59 a.m. | 47 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8 CVSS | 7.4 AI score | 0.81373 EPSS
Exploits 8 | References 2
Packet Storm
added 2016/06/30 12:0 a.m. | 53 views

Phoenix Exploit Kit Remote Code Execution

Exploit Title: Phoenix Exploit Kit - Remote Code Execution; Exploit Author: CrashBandicot @DosPerl; Date: 2016-06-30; Tested on: MSWin32; Vuln file: geoip.php 492. isset($_GET['bdr']) ? eval($_GET['bdr']) : explode('nop','nop nop nop'); PoC : http://localhost/Phoenix/includes/geoip.php?bdr=phpinfo; Screen :...

7.4 AI score
Exploits 0
CNVD
added 2016/06/24 12:0 a.m. | 2 views

Ruby '_cancel_eval' Class Arbitrary Code Execution Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. An arbitrary command execution vulnerability exists in the '_cancel_eval' class in Ruby versions 2.2.2 Tcl/Tk8.6, 2.3.0 dev. The vulnerability can be...

9.8 CVSS | 9.2 AI score | 0.06204 EPSS
Exploits 2 | References 1
NVD
added 2016/05/20 2:59 p.m. | 20 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

8.8 CVSS | 9 AI score | 0.02839 EPSS
Exploits 0 | References 5
Prion
added 2016/05/20 2:59 p.m. | 17 views

Sql injection

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

6.8 CVSS | 8.4 AI score | 0.02839 EPSS
Exploits 0 | References 5 | Affected Software 1
CVE
added 2016/05/20 2:0 p.m. | 78 views

CVE-2016-3728

Summary: CVE-2016-3728 describes an eval-injection in Foreman’s Smart-Proxy TFTP module (tftp_api.rb) that allows an attacker to execute arbitrary code via the PATH_INFO PXE template type. Affected: Foreman/Smart-Proxy prior to 1.10.4 and 1.11.x prior to 1.11.2. Impact: remote code execution with...

8.8 CVSS | 9 AI score | 0.02839 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2016/05/20 2:0 p.m. | 27 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

9 AI score | 0.02839 EPSS
Exploits 0 | References 5
myhack58
added 2016/04/13 12:0 a.m. | 23 views

PHP Utility Belt remote code execution vulnerability verification and analysis-vulnerability warning-the black bar safety net

PHP Utility Belt is a set of tools for PHP application developers. It can be used to test regular expressions and observe matches with the preg_match and preg_match_all functions; observe the result of the preg_replace function; contains two words, two numbers with a capital letter and...

1.5 AI score
Exploits 0
exploitpack
added 2016/03/05 12:0 a.m. | 34 views

PHPLib 7.4 - SQL Injection

PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this->name = $this->cookiename==""?$this->classname:$this->cookiename; if ("" == $id) { $this->newid=false; switch ($this->mode) { case "get": $id = isset($HTTP_GET_VARS[$this->name]) ?...

7.5 CVSS | 0.3 AI score | 0.03462 EPSS
Exploits 3
NVD
added 2015/11/16 7:59 p.m. | 17 views

CVE-2015-7712

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter...

6.5 CVSS | 7.6 AI score | 0.02059 EPSS
Exploits 3 | References 4
Prion
added 2015/11/16 7:59 p.m. | 17 views

Sql injection

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter...

6.5 CVSS | 8.1 AI score | 0.02059 EPSS
Exploits 3 | References 4 | Affected Software 1
Cvelist
added 2015/11/16 7:0 p.m. | 22 views

CVE-2015-7712

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter...

7.6 AI score | 0.02059 EPSS
Exploits 3 | References 4
CVE
added 2015/11/16 7:0 p.m. | 51 views

CVE-2015-7712

ATutor 2.2 and earlier contains a PHP code injection vulnerability in mods/_standard/gradebook/edit_marks.php that allows remote authenticated users with AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the asc or desc parameters. This is a classic eval/ injection flaw in the gradebo...

6.5 CVSS | 7.8 AI score | 0.02059 EPSS
Exploits 3 | References 4 | Affected Software 1
NVD
added 2015/10/15 8:59 p.m. | 12 views

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

6.5 CVSS | 7.4 AI score | 0.0148 EPSS
Exploits 0 | References 4
Prion
added 2015/10/15 8:59 p.m. | 16 views

Sql injection

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

6.5 CVSS | 7.8 AI score | 0.0148 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2015/10/15 8:0 p.m. | 22 views

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

7.4 AI score | 0.0148 EPSS
Exploits 0 | References 4
CVE
added 2015/10/15 8:0 p.m. | 45 views

CVE-2015-7729

CVE-2015-7729 affects SAP HANA Developer Edition DB Web-based Development Workbench, specifically the file test-net.xsjs. The vulnerability is an eval injection that allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors. This is associated with SAP Security Not...

6.5 CVSS | 7.6 AI score | 0.0148 EPSS
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2015/09/17 11:12 p.m. | 5 views

CVE-2014-3700

eDeploy through at least 2014-10-14 has remote code execution due to eval of untrusted data...

9.8 CVSS | 6.5 AI score | 0.0284 EPSS
Exploits 1 | References 1
exploitpack
added 2015/08/31 12:0 a.m. | 25 views

Ganglia Web Frontend 3.5.1 - PHP Code Execution

Ganglia Web Frontend 3.5.1 - PHP Code Execution...

7.5 CVSS | 0.6 AI score | 0.09944 EPSS
Exploits 5