179 matches found
R818 Code Issue Vulnerability
Allwinner Technology R818 is a quad-core smart voice chip with screen support from Allwinner Technology of Zhuhai, China. A security vulnerability exists in the Allwinner R818 SoC Android Q SDK V1.0, which originates from a NULL pointer dereference in the open exec function that could execute a...
GHSA-792J-9WJ3-J634 Command injection in github-todos
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
Command injection in github-todos
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
CVE-2021-44684
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
Command injection
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
Github-Todos OS Command Injection Vulnerability
Github-Todos is a tool by the French individual developer Nicolas Chambrier for converting Todo items to GitHub issues. A security vulnerability exists in naholyr github-todos 3.1.0, which stems from the range parameter of the hook subcommand being concatenated without any validation and used directly by the...
Command injection
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...
PT-2021-10845 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5 Description: The issue allows command injection by sending a crafted GET request to "lib/ajaxHandlers/ajaxArchiveFiles.php" since the path parameter is passed directly to the exec function without being escaped...
GHSA-6M8P-4FXJ-PGC2 OS Command Injection in mversion
The issue occurs because the tagName user input is formatted inside the exec function and executed without any checks...
OS Command Injection in mversion
The issue occurs because the tagName user input is formatted inside the exec function and executed without any checks...
GHSA-G4HJ-R7R3-9RWV OS Command Injection in gulp-scss-lint
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...
OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization...
Command Injection in ps-visitor
This affects all versions up to and including version 0.0.2 of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Command Injection in picotts
This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
OS Command Injection
git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...
Command Injection in ffmpegdotjs
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Design/Logic Flaw
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...