2514 matches found
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
SQL injection
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
CVE-2014-8313
CVE-2014-8313
The CVE-2014-8313 entry describes an evaluation (XSJX eval) injection flaw in SAP HANA’s Developer Workbench, specifically in ide/core/base/server/net.xsjs, enabling remote code execution through unspecified vectors. The vulnerability affects the Developer Workbench component of SAP HANA and is t...
Design/Logic Flaw
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
CVE-2014-3593
CVE-2014-3593
The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...
PT-2014-5409 · Google +2 · Luci +2
Name of the Vulnerable Software and Affected Versions: luci version 0.26.0. Description: The issue allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Recommendations: For luci version 0.26.0, update to a version that fix...
TWiki Perl 4.x, 5.x, 6.x Upload Bypass / Code Execution Vulnerabilities
The debugenableplugins request parameter in TWiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution, and these versions also suffer from a file upload bypass vulnerability. This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution...
Design/Logic Flaw
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors...
CVE-2014-7205
CVE-2014-7205
The Bassmaster Node.js plugin for the Hapi server contains CVE-2014-7205: an eval-based injection in the internals.batch function (lib/batch.js) before version 1.5.2, enabling remote arbitrary JavaScript execution. Documents show affected version range is bassmaster
Foreman: app/controllers/bookmarks_controller.rb remote code execution
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
ActualAnalyzer Lite 2.81 - Command Execution
ActualAnalyzer Lite 2.81 - Command Execution ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/2011 import urllib import...
ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution Exploit
ActualAnalyzer remote command execution exploit that leverages an eval. ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/20...
XSS when adding Stash Linked Repositories
Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...
LoveCMS 1.6.2 - CSRF Code Injection Vulnerability
No description provided by source. Exploit Title : LoveCMS 1.6.2 - CSRF Code Injection Vulnerability Script : LoveCMS 1.6.2 Language : PHP Download : http://sourceforge.net/project/showfiles.php?groupid=168535 Date : 2010/12/27 Dork : Powered by LoveCMS Found : by hiphop contact me...
123 Flash Chat 5.0 - Remote Code Injection Weakness
No description provided by source. source: http://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to tak...
phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit
No description provided by source. phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit. author: Egidio Romano aka EgiX; mail:...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
No description provided by source. Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection Exploit. author: EgiX...