Arbitrary command execution in roar-pidusage

This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without inpu...

Command Injection in ffmpegdotjs

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

GHSA-CQ77-8JPX-892G Command Injection in killing

This affects all versions of package killing up to and including 1.0.6. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

GHSA-R6FW-8M27-43C9 Command injection in portkiller

This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Command injection in portkiller

This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Command Injection in psnode

This affects all current versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

GHSA-M8FM-MV5W-33PV Command Injection in psnode

This affects all current versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

DEBIAN-CVE-2020-28012

Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rdainterpret uses a privileged pipe that lacks a close-on-exec flag...

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists when allowfilter is true, using a missing close-on-exec flag for a privileged pipe...

CVE-2020-28012

Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rdainterpret uses a privileged pipe that lacks a close-on-exec flag...

UBUNTU-CVE-2020-28012

Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rdainterpret uses a privileged pipe that lacks a close-on-exec flag...

CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

Design/Logic Flaw

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

CVE-2020-22000

CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....

CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

Arbitrary Command Execution

ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo function and subsequently parsed in exec function. This allows an attacker to execute arbitrary commands on the host OS...

Arbitrary Code Execution

killing is vulnerable to arbitrary code execution. The vulnerability exists as it does not sanitize the argument that is used in childprocess.exec, allowing users to use the function outside of its intended behaviour, which was to kill processes...

CVE-2021-23376

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23374

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...