Lucene search
K

185 matches found

Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.78 views

Command Injection in ps-visitor

This affects all versions up to and including version 0.0.2 of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01336EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.85 views

Command Injection in picotts

This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01943EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/05/07 5:15 a.m.19 views

OS Command Injection

git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...

8.8CVSS4.4AI score0.02462EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 3:55 p.m.44 views

Command Injection in ffmpegdotjs

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS6.7AI score0.01943EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/04/27 6:15 p.m.9 views

Design/Logic Flaw

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

8.5CVSS8.2AI score0.01059EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/04/27 5:51 p.m.20 views

CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

8.3AI score0.01059EPSS
Exploits2References2
CVE
CVE
added 2021/04/27 5:51 p.m.54 views

CVE-2020-22000

CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....

8.5CVSS8.2AI score0.01059EPSS
Exploits2References2Affected Software1
Veracode
Veracode
added 2021/04/19 5:31 a.m.19 views

Arbitrary Command Execution

ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo function and subsequently parsed in exec function. This allows an attacker to execute arbitrary commands on the host OS...

9.8CVSS6.2AI score0.01943EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/04/18 7:15 p.m.46 views

CVE-2021-23374

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01336EPSS
Exploits1References2
Prion
Prion
added 2021/04/18 7:15 p.m.16 views

Input validation

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

7.5CVSS9.7AI score0.01336EPSS
Exploits1References2
Prion
Prion
added 2021/04/18 7:15 p.m.29 views

Design/Logic Flaw

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

7.5CVSS7.4AI score0.01151EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/18 6:40 p.m.36 views

CVE-2021-23376 Arbitrary Command Injection

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS9.9AI score0.01943EPSS
Exploits1References2
OSV
OSV
added 2021/04/13 3:32 p.m.29 views

GHSA-MM4F-47CH-F7HX Arbitrary code execution in kill-by-port

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

6.3CVSS8.9AI score0.01765EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/04/13 3:23 p.m.50 views

OS Command Injection in rpi

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

9.8CVSS4AI score0.02688EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/04/13 3:20 p.m.18 views

GHSA-2548-Q746-X5X6 Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

7.5CVSS9AI score0.01654EPSS
Exploits1References3
OSV
OSV
added 2021/04/13 3:17 p.m.74 views

GHSA-WHQ6-MJ2R-MJQC OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS9.6AI score0.02642EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/04/13 3:17 p.m.45 views

OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS4AI score0.02642EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:17 p.m.35 views

OS Command Injection in im-metadata

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

9.8CVSS8.3AI score0.02415EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:16 p.m.26 views

Command Injection in killport

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS3AI score0.0234EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/03/31 3:15 p.m.11 views

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS7.5AI score
Exploits0References4
Rows per page
Query Builder