2694 matches found
Command Injection
Overview: im-metadata is a package to retrieve image metadata as a JSON object using ImageMagick's identify command. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the metadata options which are given to the exec functio...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to privilege escalation. The vulnerability exists as the exec driver has improper setuid permissions...
Command Injection
Overview: All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlle...
CVE-2019-10783
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...
Command injection
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...
Command Injection
Overview: lsof is a lsof processor for node. Affected versions of this package are vulnerable to Command Injection. Multiple areas of the package are vulnerable to command injection. Every exported method used by the package uses the exec function to parse user input. PoC by JHU System Security La...
Centreon 19.10.5 Remote Command Execution
Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH) Exploit
Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51 Build 116 Tested...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1796)
The remote host is missing an update for the Huawei EulerOS...
Command Injection
Overview: All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is...
Remote Code Execution
meta-git is vulnerable to remote code execution. User input is formatted without validation and sanitization inside a command that is subsequently executed using exec in metaGitUpdate.js...
Arbitrary Code Injection
hot-formula-parser is vulnerable to arbitrary code injection. The vulnerability exists due to the lack of sanitization of the value of yytext, which is used in the exec command...
Command Injection
devcert-sanscache is vulnerable to OS command injection. The commonName parameter used to generate a developer SSL certificate is not validated and sanitized, allowing for command injection as the value is subsequently passed into an exec function...
Arbitrary Command Injection
aws-lambda is vulnerable to arbitrary command injection. The vulnerability exists due to the lack of sanitization on the value of config.FunctionName, allowing injection payloads to reach the exec function...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
Unspecified Vulnerability in MojoHaus Exec Maven plugin for Maven
MojoHaus Exec Maven plugin for Maven is a plug-in used with Maven, the software project management and automated build tool, to support the execution of Java programs. A security vulnerability exists in MojoHaus Exec Maven plugin for Maven version 1.1.1. The vulnerability can be exploited by an...
Command Injection
Overview: aws-lambda is a command line tool to deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctionName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...