Lucene search
K

185 matches found

Cvelist
Cvelist
added 2021/03/31 2:25 p.m.19 views

CVE-2021-23348 Arbitrary Command Injection

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

6.3CVSS9.2AI score0.0182EPSS
Exploits1References4
NVD
NVD
added 2021/03/21 4:15 p.m.23 views

CVE-2021-23360

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS0.0234EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/03/21 3:45 p.m.30 views

CVE-2021-23360 Arbitrary Command Injection

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

7.5CVSS9.2AI score0.0234EPSS
Exploits1References3
Prion
Prion
added 2021/03/18 1:15 p.m.18 views

Input validation

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

6.5CVSS9AI score0.01654EPSS
Exploits1References2
NVD
NVD
added 2021/03/15 5:15 p.m.36 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS0.01146EPSS
Exploits1References1
Prion
Prion
added 2021/03/15 5:15 p.m.20 views

Input validation

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

7.5CVSS9.6AI score0.01146EPSS
Exploits1References1
Prion
Prion
added 2021/03/15 5:15 p.m.20 views

Design/Logic Flaw

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

7.5CVSS9.6AI score0.01201EPSS
Exploits1References1
Veracode
Veracode
added 2021/02/24 2:3 a.m.13 views

Command Injection

theme-core is vulnerable to command injection. An attacker may inject malicious command via the lib/utils.js. The vulnerability exists due to the insecure usage of the exec function with unsanitized values...

4.1AI score
Exploits0References1Affected Software1
Veracode
Veracode
added 2020/10/28 4:15 a.m.10 views

OS Command Injection

gfc is vulnerable to OS command injection. The vulnerability exists through the lack of sanitization of the options argument which leads to passing of untrusted user input to an exec function call...

2.5AI score
Exploits0
Veracode
Veracode
added 2020/09/21 1:22 a.m.8 views

OS Command Injection

@knutkirkhorn/free-space is vulnerable to OS command injection. The vulnerability exists as command injection is possible through the usage of the user controlled variable, $disk, which is passed into the exec function without validation...

4AI score
Exploits0
Veracode
Veracode
added 2020/07/15 5:52 a.m.14 views

OS Command Injection

standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...

4.5AI score
Exploits0
NVD
NVD
added 2020/07/01 5:15 p.m.24 views

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

8.4CVSS0.0055EPSS
Exploits1References3
OSV
OSV
added 2020/07/01 5:15 p.m.21 views

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

7.8CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2020/07/01 5:15 p.m.18 views

Design/Logic Flaw

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

4.6CVSS7.6AI score0.0055EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/07/01 4:15 p.m.30 views

CVE-2020-7688 Command Injection

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

8.4CVSS8.4AI score0.0055EPSS
Exploits1References3
CVE
CVE
added 2020/07/01 4:15 p.m.63 views

CVE-2020-7688

The CVE-2020-7688 issue affects the npm package mversion . The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...

8.4CVSS7.8AI score0.0055EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.5 views

The vulnerability of the exec function in the npm-programmatic package manager NPM allows a hacker to execute arbitrary code.

The vulnerability of the exec function in the npm-programmatic package manager NPM is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted malicious package...

3.6CVSS8.2AI score0.03516EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2020/04/28 2:15 p.m.22 views

Design/Logic Flaw

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

9CVSS8.7AI score0.09999EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/04/28 1:26 p.m.60 views

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

8.7AI score0.09999EPSS
Exploits3References4
CVE
CVE
added 2020/04/28 1:26 p.m.68 views

CVE-2020-12078

CVE-2020-12078 - Open-AudIT 3.3.1 : A shell metacharacter injection flaw exists in the open-audit/configuration/ URI. The exclude_ip value from global discovery settings is passed to an unfiltered exec in discoveries_helper.php (inside all_ip_list), allowing a payload to execute commands. Connect...

9CVSS8.7AI score0.09999EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder