Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/25 3:24 p.m.12 views

Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100

Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...

10CVSS7.5AI score0.05132EPSS
Exploits1Affected Software1
NVD
NVD
added 2018/06/07 2:29 a.m.29 views

CVE-2017-16100

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve method then command injection is possible...

10CVSS9.7AI score0.05132EPSS
Exploits1References2
CVE
CVE
added 2018/06/07 2:0 a.m.64 views

CVE-2017-16100

dns-sync is a Node.js library that can execute arbitrary commands when untrusted input is provided to the resolve() method, enabling remote code execution. The vulnerability is confirmed in multiple sources, notably the IBM Datapower Operations Dashboard advisory describing an impact on DataPower...

10CVSS9.6AI score0.05132EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.35 views

CVE-2017-16100

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve method then command injection is possible...

9.8AI score0.05132EPSS
Exploits1References2
Veracode
Veracode
added 2015/03/02 4:29 p.m.20 views

Arbitrary Command Execution Through Shell Metacharacters In API Arguments

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. This vulnerability is a duplicate of CVE-2017-16100...

10CVSS9.5AI score0.05132EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder