Code injection

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

UBUNTU-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

OS Command Injection

git-tags-remote is vulnerable to OS command injection. The vulnerability exists as it does not sanitize the value of repo in index.js, whose value is subsequently passed to an exec call...

Kubebox - Terminal And Web Console For Kubernetes

Terminal and Web console for Kubernetes Features Configuration from kubeconfig files KUBECONFIG environment variable or $HOME/.kube Switch contexts interactively Authentication support bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digit...

GHSA-GM9X-Q798-HMR4 Command Injection in git-tags-remote

All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function . This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...

Command Injection in git-tags-remote

All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function . This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...

Remote code execution

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the childprocess.exec function...

OS Command Injection

standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

Code injection

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

Design/Logic Flaw

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

CVE-2020-13619

CVE-2020-13619 affects Locutus PHP before or through 2.0.11, where the php/exec/escapeshellarg call can be abused to achieve code execution. The vulnerability impacts Locutus PHP 2.0.11 and earlier. Root cause is improper handling of shell arguments in escapeshellarg within Locutus. Documents ide...

CVE-2020-7688

The CVE-2020-7688 issue affects the npm package mversion . The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...

CVE-2020-7688 Command Injection

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

The vulnerability of the exec function in the npm-programmatic package manager NPM allows a hacker to execute arbitrary code.

The vulnerability of the exec function in the npm-programmatic package manager NPM is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted malicious package...

CVE-2020-9656

CVE-2020-9656 affects Adobe Premiere Rush

Command Injection

Overview mversion is a cross packaging manager module version handler/bumper. Affected versions of this package are vulnerable to Command Injection. The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. PoC: var mversion =...