25 matches found
CVE-2021-23374
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23359
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...
Sandbox Escape
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand for node 12.13.0 const safeEval = require'safe-eval'; const theFunction = function...
CVE-2004-2504
The CVE affects Alt-N Technologies MDaemon (7.2 and earlier, including 6.8). The GUI creates new files by launching child processes (e.g., NOTEPAD.EXE) with SYSTEM privileges, enabling local users with physical access to escalate privileges. Root cause is the GUI spawning and executing external e...