Lucene search
K

2745 matches found

OSV
OSV
added 2020/02/28 9:15 p.m.18 views

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

9.8CVSS7AI score
Exploits0References2
Prion
Prion
added 2020/02/28 9:15 p.m.20 views

Input validation

serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

7.5CVSS9.5AI score0.02767EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/02/27 12:0 a.m.130 views

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: J3rryBl4nks at March 04, 2020 4:42pm UTC reported: You would have to chain this vulnerability with a working sandbox escape in...

8.8CVSS0.3AI score0.78808EPSS
In wildExploits6References9
OSV
OSV
added 2020/02/20 11:15 p.m.13 views

CVE-2020-5242

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

8.8CVSS7.6AI score
Exploits0References2
CVE
CVE
added 2020/02/20 10:55 p.m.93 views

CVE-2020-5242

openHAB prior to 2.5.2 is affected. A remote attacker can use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands with the privileges of the openHAB user. The root cause is lack of proper enforcement of command installation via REST until 2.5.2. Fi...

9.3CVSS8.5AI score0.01973EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/02/19 5:29 p.m.13 views

GHSA-5Q88-CJFQ-G2MH codecov NPM module allows remote attackers to execute arbitrary commands

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS8.8AI score0.03805EPSS
Exploits2References3
NVD
NVD
added 2020/02/17 7:15 p.m.29 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS9.3AI score0.02918EPSS
Exploits1References2
OSV
OSV
added 2020/02/17 7:15 p.m.22 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS9.5AI score
Exploits0References2
OSV
OSV
added 2020/02/04 9:15 p.m.23 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

9.8CVSS7.8AI score
Exploits0References2
Prion
Prion
added 2020/02/04 9:15 p.m.20 views

Code injection

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

7.5CVSS9.8AI score0.02415EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/02/04 8:6 p.m.46 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

9.9AI score0.02415EPSS
Exploits1References2
Snyk
Snyk
added 2020/02/04 2:15 p.m.2 views

Command Injection

Overview im-metadata is a package to retrieve image metadata as a JSON object using ImageMagick's identify command. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the metadata options which is given to the exec functio...

9.8CVSS5.7AI score0.02415EPSS
Exploits1References2
Veracode
Veracode
added 2020/02/03 6:17 a.m.14 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to privilege escalation. The vulnerability exists as the exec driver has improper setuid permissions...

4.1AI score
Exploits0
Node.js
Node.js
added 2020/01/30 8:25 p.m.17 views

Command Injection

Overview All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlle...

7.8AI score
Exploits0Affected Software1
OSV
OSV
added 2020/01/29 10:15 p.m.4 views

CVE-2019-10783

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS5.8AI score0.02642EPSS
Exploits1References1
NVD
NVD
added 2020/01/29 10:15 p.m.31 views

CVE-2019-10783

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS9.6AI score0.02642EPSS
Exploits1References1
Prion
Prion
added 2020/01/29 10:15 p.m.24 views

Command injection

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

7.5CVSS9.5AI score0.02642EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/01/29 9:7 p.m.38 views

CVE-2019-10783

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.7AI score0.02642EPSS
Exploits1References1
Snyk
Snyk
added 2020/01/29 1:19 p.m.5 views

Command Injection

Overview lsof is a lsof processor for node. Affected versions of this package are vulnerable to Command Injection. Multiple areas of the package is vulnerable to command injection. Every exported method used by the packages uses the exec function to parse user input. PoC by JHU System Security La...

9.8CVSS7.2AI score0.02642EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/01/28 12:0 a.m.162 views

Centreon 19.10.5 Remote Command Execution

Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...

0.1AI score
Exploits0
Rows per page
Query Builder