185 matches found
CVE-2021-23348 Arbitrary Command Injection
This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23360
This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-23360 Arbitrary Command Injection
This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
Input validation
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-23356
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...
Input validation
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...
Design/Logic Flaw
This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...
Command Injection
theme-core is vulnerable to command injection. An attacker may inject malicious command via the lib/utils.js. The vulnerability exists due to the insecure usage of the exec function with unsanitized values...
OS Command Injection
gfc is vulnerable to OS command injection. The vulnerability exists through the lack of sanitization of the options argument which leads to passing of untrusted user input to an exec function call...
OS Command Injection
@knutkirkhorn/free-space is vulnerable to OS command injection. The vulnerability exists as command injection is possible through the usage of the user controlled variable, $disk, which is passed into the exec function without validation...
OS Command Injection
standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...
CVE-2020-7688
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...
CVE-2020-7688
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...
Design/Logic Flaw
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...
CVE-2020-7688 Command Injection
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...
CVE-2020-7688
The CVE-2020-7688 issue affects the npm package mversion . The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...
The vulnerability of the exec function in the npm-programmatic package manager NPM allows a hacker to execute arbitrary code.
The vulnerability of the exec function in the npm-programmatic package manager NPM is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted malicious package...
Design/Logic Flaw
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...
CVE-2020-12078
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...
CVE-2020-12078
CVE-2020-12078 - Open-AudIT 3.3.1 : A shell metacharacter injection flaw exists in the open-audit/configuration/ URI. The exclude_ip value from global discovery settings is passed to an unfiltered exec in discoveries_helper.php (inside all_ip_list), allowing a payload to execute commands. Connect...