7633 matches found
CVE-2021-23381
CVE-2021-23381 affects all versions of the npm package killing. The root cause is use of child_process.exec without input sanitization, enabling an attacker-controlled input to execute arbitrary commands. Public advisories (GHSA-CQ77-8JPX-892G, OSV entry) describe command injection impacting vers...
CVE-2021-23381
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23379
This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23375
CVE-2021-23375 affects all versions of the npm package psnode. The vulnerability is a command injection in the kill function: attacker-controlled input passed to child_process.exec without input sanitization, enabling arbitrary commands. Multiple sources (NVD, GHSA, OSV, Veracode, CVE listings) c...
CVE-2021-23376
CVE-2021-23376 affects all versions of ffmpegdotjs. The root cause is the use of Node.js child_process.exec in the trimvideo function without input sanitization, enabling attacker-controlled input to execute arbitrary commands. Documented impact is arbitrary command execution with network access,...
CVE-2021-23378
The CVE-2021-23378 issue affects all versions of the picotts package. The root cause is unsanitized attacker-controlled input in the say function, which allows execution of arbitrary commands via child_process.exec. Multiple sources (NVD, OSV, GHSA, CVE list) confirm a command-injection vulnerabi...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23374
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
ps-visitor command injection vulnerability
npm ps-visitor is an application from npm, Inc. node.js access commands ps aux and kill. ps-visitor has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input validation...
npm psnode command injection vulnerability
npm psnode is an application from the American company npm. A Node.js KISS module for listing and terminating processes on OSX and Windows. A security vulnerability exists in psnode, which can be exploited by an attacker to potentially execute arbitrary commands...
npm ffmpegdotjs command injection vulnerability
npm ffmpegdotjs is an application from the American company npm. It is used for image creation. A security vulnerability exists in ffmpegdotjs, which can be exploited by an attacker to potentially execute arbitrary commands...
GO-2021-0073 Arbitrary command execution in github.com/git-lfs/git-lfs
Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository...
CVE-2021-28157
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...
JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Version| Vector| Score ---|---|--- CVSS v3|...
The vulnerability of the CLI component in Cisco IOS XE routers for Cisco IOS XE SD-WAN allows an attacker to execute arbitrary commands with superuser privileges.
The vulnerability of Cisco IOS XE operating system-based routers in Cisco IOS XE SD-WAN solutions exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary commands with superuser privileges...
CVE-2021-29996
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload...
PT-2021-7653 · Qnap · Qts +1
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 4.5.2.1566 Build 20210202 QTS versions prior to 4.5.1.1495 Build 20201123 QTS versions prior to 4.3.6.1620 Build 20210322 QTS versions prior to 4.3.4.1632 Build 20210324 QTS versions prior to 4.3.3.1624 Build 20210416 QT...
MagpieRSS security vulnerability
A security vulnerability exists in MagpieRSS in 0.72, which originates from a command escape error in /extlib/Snoopy.class.inc and can be exploited by an attacker to execute arbitrary commands...
PT-2021-17994 · Magpierss · Magpierss
Name of the Vulnerable Software and Affected Versions: MagpieRSS version 0.72 Description: The issue arises from an incorrectly escaped exec command in the /extlib/Snoopy.class.inc file. This allows an attacker to add an extra command to the curl binary, creating a problem on the /scripts/magpie...