Node.js third-party modules: [@knutkirkhorn/free-space] - Command Injection through Lack of Sanitization

I would like to report Command Injection in the free-space module. It allows arbitrary shell command execution on Unix-based systems Module module name: free-space version: 1.2.0 npm page: https://www.npmjs.com/package/free-space Module Description Get the amount of free space for a drive Module...

CVE-2020-8149

The CVE-2020-8149 issue affects the logkitty npm package prior to version 0.7.1. Root cause: lack of output sanitization leads to code injection where an attacker can cause arbitrary shell commands to be executed. Impact: remote code execution via logkitty when processing log output, enabling att...

CVE-2020-8149

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

Opmantek Open-AudIT Injection Vulnerability

Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. Opmantek Open-AudIT suffers from an injection vulnerability. An attacker can exploit this vulnerability to inje...

CVE-2020-5868

CVE-2020-5868 is a remote command execution vulnerability in F5 BIG‑IQ Centralized Management that leverages the Grafana component. Affected versions include BIG-IQ Centralized Management 6.0.0–6.1.0 and 7.x (e.g., 7.0.x); exploitation could allow a remote attacker to run local shell commands via...

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

UBUNTU-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

Exploit for Improper Handling of Exceptional Conditions in Openbsd Opensmtpd

cve-2020-7247 Exploit Title: OpenSMTPD 6.6.2 - Remote Code Exe...

CVE-2013-1751

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT%' parameter value containing Perl backtick characters...

CVE-2005-3056

TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...

USN-4058-1: Bash vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. CVEs contained in this USN include: CVE-2019-99...

Debian: Security Advisory (DSA-4494-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

Debian DSA-4487-1 : neovim - security update

User 'Arminius' discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi Vi IMproved, which also affected the Neovim fork, an extensible editor focused on modern code and features : Editors typically provide a way to embed editor configuration commands aka modelines...

Debian: Security Advisory (DSA-4467-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4467-1 : vim - security update

User 'Arminius' discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi Vi IMproved. The 'Common vulnerabilities and exposures project' identifies the following problem : Editors typically provide a way to embed editor configuration commands aka modelines which are...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Debian DSA-4379-1 : golang-1.7 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell commands. C Tenabl...