10 matches found
EUVD-2007-2494
Malware in sbrugna...
Rego Code Injection
github.com/open-policy-agent/opa is vulnerable to Rego code injection. The vulnerability is due to unsanitized HTTP request paths being used to construct Rego queries during policy evaluation, allowing attackers to inject Rego code...
CVE-2023-22320
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22). Furthermore, a crafted URL may be evaluated incorrectly...
CVE-2022-29255 Multiple evaluation of contract address in call in vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1549)
The remote host is missing an update for the Huawei EulerOS...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 PoC for CVE-2021-31805 Apache Struts2 CVE-20...
The vulnerability of the eval function in the Python library for secure private machine learning, PySyft, allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Python library for secure private machine learning, PySyft, is related to insufficient validation of the data provided by users. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted...
eFront 3.6.15: Steal your professors password
RIPS Analysis Our SAST tool RIPS analyzed the whole application in only 1m 32s and uncovered many severe security issues. Most of them are straight-forward SQL Injections that can be used to extract confidential user data, such as passwords, private messages, course results, and personal...
PHPMoAdmin 1.1.2 Remote Code Execution Exploit
This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4...
Fedora 17 : emacs-24.1-4.fc17 (2012-11876)
CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean a...