CVE-2021-23360 Arbitrary Command Injection

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVE-2021-23360

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

GHSA-7QMM-Q394-FMCH Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

Input validation

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVE-2021-23359 Arbitrary Command Injection

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

Arbitrary Command Injection

kill-process-by-name is vulnerable to arbitrary command injection. The vulnerability exists due to the use of the childprocess exec function without input sanitization in the index.js file...

Remote Code Execution (RCE)

ps-kill is vulnerable to remote code execution. The childprocess exec function in index.js file does not sanitize the user-provided data to the kill function, allowing to execute malicious code via var pskill = require'ps-kill'; pskill.kill'$touch success',function;...

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

Input validation

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

Design/Logic Flaw

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

CVE-2021-23355

CVE-2021-23355 affects all versions of the npm package ps-kill . The vulnerability arises from unsafely passing attacker-controlled input to Node.js’s child_process.exec in the index.js kill function, enabling arbitrary command execution. Proof-of-concept demonstrates invoking a shell command via...

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

OS Command Injection

portkiller is vulnerable to OS command injection. An attacker is able to inject and execute malicious command via the use of the childprocess exec function as it does not sanitize the input...

Amazon ECS Exec Now Works with Containers in AWS Fargate

Building in containers offers amazing benefits for development teams – speed, agility, flexibility, scalability, etc...

DEBIAN-CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be...

UBUNTU-CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be...