CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

Design/Logic Flaw

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

CVE-2020-7688 Command Injection

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

CVE-2020-7688

The CVE-2020-7688 issue affects the npm package mversion . The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...

Design/Logic Flaw

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

CVE-2020-12078

CVE-2020-12078 - Open-AudIT 3.3.1 : A shell metacharacter injection flaw exists in the open-audit/configuration/ URI. The exclude_ip value from global discovery settings is passed to an unfiltered exec in discoveries_helper.php (inside all_ip_list), allowing a payload to execute commands. Connect...

OS Command Injection

npm-programmatic is vulnerable to OS command injection. The packages and option properties are concatenated and directly passed to an exec function...

OS Command Injection in devcert-sanscache

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

Command injection

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

Command injection

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

CVE-2020-10879

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

OS Command Injection

closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands...

OS Command Injection

docker-compose-remote-api is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the serviceName parameter due to lack of validation before passing to the exec function...

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

Command Injection

Overview gulp-scss-lint is a Lint your .scss files. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands to the exec function located in src/command.js via the provided options. PoC by JHU System Security Lab var root =...

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...