2659 matches found

CERT
added 2020/12/23 12:00 a.m. | 153 views

Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

Overview: Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
Description: CVE-2019-1552 Veritas Backup Exec includes an OpenSSL component that specifies an OPENSSLD...

CVSS 9.3 | AI score 6.3 | EPSS 0.00072
Exploits 0 | References 3

GithubExploit
added 2020/12/22 7:35 p.m. | 631 views

Exploit for Command Injection in Saltstack Salt

CVE-2020-28243 A command injection vulnerability in SaltStack...

CVSS 7.8 | AI score 9.4 | EPSS 0.01408
Exploits 2

CVE
added 2020/12/21 10:40 p.m. | 73 views

CVE-2020-26284

CVE-2020-26284 affects Hugo (Go-based SSG) where, before v0.79.1, Hugo uses Go's os/exec and will invoke a malicious executable if a file named after a common Windows binary (exe or bat) exists in the current working directory when Hugo runs. This can allow an attacker to execute arbitrary code o...

CVSS 8.5 | AI score 8 | EPSS 0.0041
Exploits 1 | References 2 | Affected Software 1

Snyk
added 2020/12/04 5:30 p.m. | 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection. The injection point is located at line 45 of the package's main entry, lib/process-promises.js.
PoC: var a = require("ts-process-promises"); a.exec("touch JHU",);
Remediation: There is no fixed version for ts-process-promises...

CVSS 9.8 | AI score 7.2 | EPSS 0.00513
Exploits 1 | References 2

Cvelist
added 2020/11/23 3:40 p.m. | 13 views

CVE-2020-7777 Arbitrary Code Execution

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention of the risks of untrusted schema files, so I assume that this is applicable. In...

CVSS 7.2 | AI score 7 | EPSS 0.0098
Exploits 1 | References 2

Veracode
added 2020/10/28 4:15 a.m. | 7 views

OS Command Injection

gfc is vulnerable to OS command injection. The vulnerability exists because the options argument is not sanitized, so untrusted user input is passed to an exec function call...

AI score 2.5
Exploits 0

RedHat Linux
added 2020/09/29 7:42 p.m. | 1 views

glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory, making the system think the software is 32-bit...

CVSS 3.3 | AI score 7 | EPSS 0.00015
Exploits 0 | References 4

Veracode
added 2020/09/21 1:22 a.m. | 7 views

OS Command Injection

@knutkirkhorn/free-space is vulnerable to OS command injection. Command injection is possible through the user-controlled variable $disk, which is passed to the exec function without validation...

AI score 4
Exploits 0

Github Security Blog
added 2020/09/11 9:23 p.m. | 18 views

Command Injection in entitlements

Versions of entitlements prior to 1.3.0 are vulnerable to Command Injection. The package does not validate input on the entitlements function and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Recommendation: Upgrade to version 1.3.0 or later...

AI score 6.6
Exploits 0 | References 3 | Affected Software 1

OSV
added 2020/09/11 9:16 p.m. | 8 views

GHSA-WGW3-GF4P-62XC Command Injection in wizard-syncronizer

All versions of wizard-syncronizer are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates it to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack since the...

AI score 7.5
Exploits 0 | References 1

OSV
added 2020/09/11 9:11 p.m. | 9 views

GHSA-J6V9-XGVH-F796 Command Injection in wxchangba

All versions of wxchangba are vulnerable to Command Injection. The package does not validate user input on the reqPostMaterial function, passing contents of the file parameter to an exec call. This may allow attackers to run arbitrary commands in the system.
Recommendation: No fix is currently...

AI score 7.4
Exploits 0 | References 1

Github Security Blog
added 2020/09/11 9:11 p.m. | 22 views

Command Injection in wxchangba

All versions of wxchangba are vulnerable to Command Injection. The package does not validate user input on the reqPostMaterial function, passing contents of the file parameter to an exec call. This may allow attackers to run arbitrary commands in the system.
Recommendation: No fix is currently...

AI score 6.9
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/09/11 9:08 p.m. | 7 views

GHSA-8MGG-5X65-M4M4 Command Injection in soletta-dev-app

All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system.
Recommendation: ...

AI score 7.4
Exploits 0 | References 1

Github Security Blog
added 2020/09/11 9:08 p.m. | 42 views

Command Injection in soletta-dev-app

All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system.
Recommendation: ...

AI score 6.8
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2020/09/10 4:34 a.m. | 8 views

Remote Code Execution (RCE)

bunyan is vulnerable to remote code execution. The vulnerability exists because the argument from the -p option reaches the exec call without any sanitization...

AI score 2.6
Exploits 0

OSV
added 2020/09/04 5:54 p.m. | 11 views

GHSA-RJVJ-673Q-4HFW Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an...

AI score 8
Exploits 0 | References 3

Github Security Blog
added 2020/09/04 5:54 p.m. | 52 views

Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an...

AI score 5.7
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2020/09/04 5:31 p.m. | 27 views

Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name.
Recommendation: No fix is currently...

AI score 6.3
Exploits 0 | References 3 | Affected Software 1

OSV
added 2020/09/04 5:26 p.m. | 8 views

GHSA-7R9X-HR76-JR96 Command Injection in giting

All versions of giting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable.
Recommendation: No fix is current...

AI score 8
Exploits 0 | References 1

Veracode
added 2020/09/03 7:08 a.m. | 15 views

OS Command Injection

node-wifi is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of ssid used in exec...

AI score 2.8
Exploits 0