5 matches found
Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100
Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...
CVE-2017-16100
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve method then command injection is possible...
CVE-2017-16100
dns-sync is a Node.js library that can execute arbitrary commands when untrusted input is provided to the resolve() method, enabling remote code execution. The vulnerability is confirmed in multiple sources, notably the IBM Datapower Operations Dashboard advisory describing an impact on DataPower...
CVE-2017-16100
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve method then command injection is possible...
Arbitrary Command Execution Through Shell Metacharacters In API Arguments
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. This vulnerability is a duplicate of CVE-2017-16100...