OS Command Injection in im-metadata

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

OS Command Injection in im-resize

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

GHSA-R9VM-RHMF-7HXX OS Command Injection in im-resize

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

Command Injection in killport

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

Microsoft Exchange Server Remote Code Execution Vulnerability

...

Amazon Linux 2 : flatpak (ALAS-2021-1625)

The version of flatpak installed on the remote host is prior to 1.0.9-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1625 advisory. A sandbox escape flaw was found in the way flatpak handled special tokens in .desktop files. This flaw allows an attacker to gain...

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23348 Arbitrary Command Injection

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Design/Logic Flaw

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

SyncBreeze 10.1.16 Buffer Overflow

Exploit Title: SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow Date: 03/27/2021 Author: Filipe Oliveira - filipecenturiaoathotmail.com Rafael Machado - nnszsatprotonmail.com Vendor: https://www.syncbreeze.com/ Software Link:...

PT-2021-2729 · Microsoft · Ms-Rest-Nodeauth

Name of the Vulnerable Software and Affected Versions: ms-rest-nodeauth library affected versions not specified Description: The issue is related to the implementation of the execAz function in the authentication library for Azure services, which fails to neutralize special elements used in...

CVE-2021-23360

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVE-2021-23360 Arbitrary Command Injection

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVE-2021-23360

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

GHSA-7QMM-Q394-FMCH Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

Input validation

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVE-2021-23359 Arbitrary Command Injection

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...