Lucene search

171 matches found

Cvelist
added 2020/03/10 12:34 p.m., 11 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

AI score: 8.9, EPSS: 0.00803
Exploits: 1, References: 1

CNVD
added 2020/03/03 12:00 a.m., 3 views

Enpeem Command Execution Vulnerability

Enpeem is a lightweight package for programmatically accessing NPM. A security vulnerability exists in Enpeem 2.2.0 and earlier versions because the program passes the 'options.dir' parameter directly to the 'exec' function without sanitizing it. The vulnerabilit...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00578
Exploits: 1, References: 1

Veracode
added 2020/03/02 8:42 a.m., 12 views

Remote Code Execution (RCE)

enpeem is vulnerable to remote code execution. The attack is possible because the options.dir values are not escaped, allowing an attacker to inject and execute arbitrary commands via the exec function...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00578
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2020/03/02 7:31 a.m., 13 views

OS Command Injection

serial-number is vulnerable to OS command injection. The vulnerability exists because the value of cmdPrefix is improperly handled, allowing it to be passed into the exec function unsanitized...

CVSS: 9.8, AI score: 3.1, EPSS: 0.00578
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2020/02/28 9:15 p.m., 10 views

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation...

CVSS: 9.8, AI score: 9.5, EPSS: 0.00578
Exploits: 1, References: 2

OSV
added 2020/02/28 9:15 p.m., 10 views

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

CVSS: 9.8, AI score: 7
Exploits: 0, References: 2

Prion
added 2020/02/28 9:15 p.m., 17 views

Input validation

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation...

CVSS: 7.5, AI score: 9.5, EPSS: 0.00578
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2020/02/19 5:29 p.m., 11 views

GHSA-5Q88-CJFQ-G2MH codecov NPM module allows remote attackers to execute arbitrary commands

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00652
Exploits: 2, References: 3

OSV
added 2020/02/17 7:15 p.m., 13 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS: 8.8, AI score: 9.5
Exploits: 0, References: 2

NVD
added 2020/02/17 7:15 p.m., 10 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS: 8.8, AI score: 9.3, EPSS: 0.00652
Exploits: 1, References: 2

OSV
added 2020/02/04 9:15 p.m., 8 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

CVSS: 9.8, AI score: 7.8
Exploits: 0, References: 2

Prion
added 2020/02/04 9:15 p.m., 12 views

Code injection

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

CVSS: 7.5, AI score: 9.8, EPSS: 0.01843
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2020/02/04 8:06 p.m., 11 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

AI score: 9.9, EPSS: 0.01843
Exploits: 1, References: 2

Snyk
added 2020/02/04 2:15 p.m., 1 view

Command Injection

Overview: im-metadata is a package to retrieve image metadata as a JSON object using ImageMagick's identify command. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the metadata options which is given to the exec functio...

CVSS: 9.8, AI score: 5.7, EPSS: 0.01843
Exploits: 1, References: 2

NVD
added 2020/01/29 10:15 p.m., 6 views

CVE-2019-10783

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

CVSS: 9.8, AI score: 9.6, EPSS: 0.03665
Exploits: 1, References: 1

Prion
added 2020/01/29 10:15 p.m., 12 views

Command injection

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

CVSS: 7.5, AI score: 9.5, EPSS: 0.03665
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2020/01/09 4:00 a.m., 18 views

Command Injection

devcert-sanscache is vulnerable to OS command injection. The commonName parameter used to generate a developer SSL certificate is not validated and sanitized, allowing for command injection as the value is subsequently passed into an exec function...

CVSS: 9.8, AI score: 3.2, EPSS: 0.01921
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2020/01/09 12:53 a.m., 23 views

Arbitrary Command Injection

aws-lambda is vulnerable to arbitrary command injection. The vulnerability exists due to the lack of sanitization on the value of config.FunctionName, allowing injection payloads to reach the exec function...

CVSS: 9.8, AI score: 3.9, EPSS: 0.00513
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2020/01/08 4:15 p.m., 10 views

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01921
Exploits: 0, References: 1

Cvelist
added 2020/01/08 3:03 p.m., 13 views

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

AI score: 10, EPSS: 0.01921
Exploits: 0, References: 1