17 matches found
Arbitrary Code Injection
Overview org.webjars.npm:happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...
Arbitrary Code Injection
Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation of code from...
EUVD-2020-0009
Malware in sbrugna...
CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
CVE-2024-52552
The CVE-2024-52552 issue affects the Jenkins Authorize Project Plugin (versions ≤ 1.7.2). The root cause is that the plugin evaluates a string containing the job name with JavaScript on the Authorization view, causing a stored XSS vulnerability. Exploitation requires Item/Configure permissions. T...
SUSE CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory...
python-reportlab security update
2.3-3.el610.1 - Do not eval strings passed to toColor - Resolves: 1788551...
DEBIAN-CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
UBUNTU-CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
PYSEC-2020-198
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings...
CVE-2018-7784
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running...
UBUNTU-CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory...
PT-2016-6790 · Perl +2 · Xloader +2
Name of the Vulnerable Software and Affected Versions: Perl affected versions not specified Description: The XSLoader::load method in XSLoader does not properly locate .so files when called in a string eval. This might allow local users to execute arbitrary code via a Trojan horse library under t...
keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored
It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware formerly python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true,...