214 matches found

OSV
added 2019/04/12 6:29 p.m. · 3 views

CVE-2018-16255

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00886
Exploits: 0 · References: 2

Positive Technologies
added 2019/04/12 12:0 a.m. · 3 views

PT-2019-9287 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9. Description: The issue concerns an XSS vulnerability via the action=evaluate endpoint. It is noted that the vendor does not consider this a vulnerability, as the plugin can only be used by a logged-in...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00886
Exploits: 0 · References: 5

Kitploit
added 2019/01/27 12:48 p.m. · 166 views

FTW - Framework For Testing WAFs

This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...

AI score: 7.6
Exploits: 0 · References: 3

CNVD
added 2018/07/17 12:0 a.m. · 4 views

Olli Parviainen SoundTouch Denial of Service Vulnerability (CNVD-2018-20560)

Olli Parviainen SoundTouch is an open source audio processing library that is used to configure the speed, pitch, and playback rate of an audio stream or audio file, among other things. A security flaw exists in the 'FIRFilter::evaluateFilterMulti' function of the RateTransposer.cpp file of the...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02609
Exploits: 0 · References: 1

0day.today
added 2017/09/26 12:0 a.m. · 24 views

NodeJS Debugger Command Injection Exploit

This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via...

AI score: 7.1
Exploits: 0

Positive Technologies
added 2017/08/25 12:0 a.m. · 5 views

PT-2017-13024 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.12.9; Linux kernel versions prior to 4.9. Description: The issue is related to the acpi_ns_evaluate function in the Linux kernel, which does not properly flush the operand cache. This can cause a kernel stack...

CVSS: 9.8 · AI score: 7 · EPSS: 0.13378
Exploits: 79 · References: 515

BDU FSTEC
added 2016/07/05 12:0 a.m. · 1 views

The vulnerability of the Firefox ESR browser allows a malicious attacker to execute arbitrary code.

Mozilla Firefox ESR software contains a vulnerability in the nsJSThunk::EvaluateScript function. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating the web notification API component...

CVSS: 9.3 · AI score: 7.6 · EPSS: 0.03749
Exploits: 1 · References: 4 · Affected Software: 1

FreeBSD
added 2012/08/13 12:0 a.m. · 37 views

emacs -- remote code execution vulnerability

Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to th...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.03804
Exploits: 0 · References: 2

The Hacker News
added 2011/07/24 12:6 p.m. · 9 views

Ani Shell v1.3 Released -- Mail Bomber (with less spam detection) & PHP Decoder

Ani Shell v1.3 Released -- Mail Bomber (with less spam detection) & PHP Decoder. Introduction: Ani-Shell is a simple PHP shell with some unique features like Mass Mailer, a simple Web-Server Fuzzer, DDoser, Back Connect, Bind Shell, etc. This shell has immense capabilities and has been writte...

AI score: 7.3
Exploits: 0

Saint
added 2009/07/14 12:0 a.m. · 55 views

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009 · CVE: CVE-2009-1136 · BID: 35642 · OSVDB: 55806. Background: Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls. Problem: A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...

CVSS: 9.3 · AI score: 6.4 · EPSS: 0.6202
Exploits: 11

0day.today
added 2009/05/07 12:0 a.m. · 13 views

PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability

Exploit for multiple platform in category local exploits. PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability. mb_ereg(i)_replace() evaluate replacement string...

AI score: 6.9
Exploits: 0

securityvulns
added 2009/03/09 12:0 a.m. · 36 views

SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7)

SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7) by Nine:Situations:Group::bruiser. Vendor URL: http://www.supportsoft.com/ Our site: http://retrogod.altervista.org/ Details: CLSID: 01110800-3E00-11D2-8470-0060089874ED · Progid: Tioga.Editor.1 · Binary Path:...

AI score: 0.8
Exploits: 0

Prion
added 2007/10/29 9:46 p.m. · 16 views

Design/Logic Flaw

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information...

CVSS: 6.3 · AI score: 7 · EPSS: 0.01186
Exploits: 0 · References: 6 · Affected Software: 1

CVE
added 2007/10/29 9:0 p.m. · 50 views

CVE-2007-5700

The vulnerability (CVE-2007-5700) affects IBM Lotus Domino prior to 7.0.3. The Evaluate LotusScript method uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. Affected co...

CVSS: 6.3 · AI score: 6.5 · EPSS: 0.01186
Exploits: 0 · References: 6 · Affected Software: 1