7632 matches found
CVE-2020-6811
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...
PT-2020-10038 · Zoho +1 · Zoho Manageengine Assetexplorer +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Asset Explorer version 6.5. Description: The issue arises from the lack of validation of the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This...
CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02J65H Hot Fix. Attackers can execute arbitrary commands...
CVE-2019-12767
CVE-2019-12767 affects the D-Link DAP-1650 prior to version 1.04B02_J65H Hot Fix. Multiple connected sources confirm a vulnerability that allows attackers to execute arbitrary commands on affected devices. The exact root cause is not detailed in the provided documents, but the impact is described...
The vulnerability of the commands.inc.php component of the rConfig configuration management tool for network devices stems from a lack of security measures in the SQL query structure. This allows attackers to execute arbitrary commands.
The vulnerability of the commands.inc.php component of the rConfig network device configuration management tool is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via a specially crafted GET...
ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28055)
The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC Dublin. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...
CVE-2020-10674
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
CVE-2019-12132
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...
gulp-tape injection vulnerability
gulp-tape is a package that supports running Tape tests in Gulp. An injection vulnerability exists in gulp-tape 1.0.0 and earlier versions, which can be exploited by an attacker to execute arbitrary commands...
gulp-scss-lint injection vulnerability
gulp-scss-lint is a configurable package of code cleaning tools. A security vulnerability exists in gulp-scss-lint 1.0.0 and earlier versions. An attacker can exploit the vulnerability to inject and execute arbitrary commands...
docker-compose-remote-api injection vulnerability
docker-compose-remote-api is a connection interface between Docker-Compose and the Docker Remote API. An injection vulnerability exists in docker-compose-remote-api 0.1.4 and earlier versions, which stems from the 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' function failing to perform sanitization. Th...
node-prompt-here injection vulnerability
node-prompt-here is a package for opening a console window in a given directory. A security vulnerability exists in node-prompt-here 1.0.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary commands...
closure-compiler-stream injection vulnerability
closure-compiler-stream is a stream interface to a closure compiler. A security vulnerability exists in closure-compiler-stream version 0.1.15 and earlier, which stems from the program failing to perform any sanitization of the user-controllable 'options' parameter. An attacker could use th...
Pulverizr Injection Vulnerability
pulverizr is an image compressor. A security vulnerability exists in pulverizr 0.7.0 and earlier versions, which stems from a failure to sanitize the 'filename' parameter, which is directly used by the function. The vulnerability can be exploited to execute arbitrary commands...
Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...
GLSA-202003-27 : libssh: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-202003-27 (libssh: Arbitrary command execution). It was discovered that libssh incorrectly handled certain scp commands. Impact: A remote attacker could trick a victim into using a specially crafted scp command, possibly resulting i...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...