
2659 matches found

Github Security Blog
added 2020/09/02 3:5 p.m., 21 views

Command Injection in bestzip

Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the zip function. This may allow attackers to execute arbitrary code in the system as long as the value of destination is user-controlled...

5.2 AI score
Exploits: 0, References: 2, Affected Software: 1

Huntr
added 2020/09/01 12:0 a.m., 11 views

OS Command Injection in adrieankhisbe/bundle-phobia-cli

Description: BundlePhobia is a tool to help you find the cost of adding an npm package to your bundle. It enables you to query package sizes. The npm-utils.js has an unsanitized exec function which leads to arbitrary code execution. Proof-of-concept: const util = require('./npm-utils.js'); let a =...

2.1 AI score
Exploits: 0

Packet Storm
added 2020/08/27 12:0 a.m., 432 views

ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow

Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...

0.9 AI score
Exploits: 0

Veracode
added 2020/08/25 1:20 a.m., 16 views

Arbitrary Code Execution

windows-edge is vulnerable to arbitrary code execution. The vulnerability exists as the value of opts.uri is passed into exec without sanitization...

3.4 AI score
Exploits: 0

OSV
added 2020/08/16 4:15 a.m., 1 views

ALPINE-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

9.8 CVSS, 7.5 AI score, 0.00664 EPSS
Exploits: 0, References: 1

OSV
added 2020/08/16 4:15 a.m., 1 views

UBUNTU-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

9.8 CVSS, 5.9 AI score, 0.00664 EPSS
Exploits: 0, References: 3

Prion
added 2020/08/16 4:15 a.m., 17 views

Code injection

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

7.5 CVSS, 9.5 AI score, 0.00664 EPSS
Exploits: 0, References: 3, Affected Software: 2

Debian CVE
added 2020/08/16 3:31 a.m., 17 views

CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

9.8 CVSS, 9.7 AI score, 0.00664 EPSS
Exploits: 0

Veracode
added 2020/08/03 5:43 a.m., 11 views

OS Command Injection

git-tags-remote is vulnerable to OS command injection. The vulnerability exists as it does not sanitize the value of repo in index.js, whose value is subsequently passed to an exec call...

2.3 AI score
Exploits: 0

Kitploit
added 2020/07/29 9:30 p.m., 35 views

Kubebox - Terminal And Web Console For Kubernetes

Terminal and Web console for Kubernetes. Features: configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube); switch contexts interactively; authentication support: bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digit...

7.6 AI score
Exploits: 0, References: 13

Github Security Blog
added 2020/07/29 2:53 p.m., 41 views

Command Injection in git-tags-remote

All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function. This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...

5.9 AI score
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2020/07/29 2:53 p.m., 9 views

GHSA-GM9X-Q798-HMR4 Command Injection in git-tags-remote

All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function. This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...

7.2 CVSS, 8 AI score
Exploits: 0, References: 4

Prion
added 2020/07/23 8:15 p.m., 14 views

Remote code execution

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function...

10 CVSS, 9.7 AI score, 0.08172 EPSS
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2020/07/15 5:52 a.m., 13 views

OS Command Injection

standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...

4.5 AI score
Exploits: 0

RedHat Linux
added 2020/07/07 10:4 a.m., 1 views

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution...

5.6 CVSS, 7.3 AI score, 0.00061 EPSS
Exploits: 0, References: 4

OSV
added 2020/07/01 5:15 p.m., 12 views

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

7.8 CVSS, 6.9 AI score
Exploits: 0, References: 3

NVD
added 2020/07/01 5:15 p.m., 7 views

CVE-2020-7688

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

8.4 CVSS, 0.00191 EPSS
Exploits: 1, References: 3

Prion
added 2020/07/01 5:15 p.m., 7 views

Code injection

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

7.5 CVSS, 9.6 AI score, 0.01216 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2020/07/01 5:15 p.m., 16 views

Design/Logic Flaw

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

4.6 CVSS, 7.6 AI score, 0.00191 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2020/07/01 4:54 p.m., 51 views

CVE-2020-13619

CVE-2020-13619 affects Locutus PHP before or through 2.0.11, where the php/exec/escapeshellarg call can be abused to achieve code execution. The vulnerability impacts Locutus PHP 2.0.11 and earlier. Root cause is improper handling of shell arguments in escapeshellarg within Locutus. Documents ide...

9.8 CVSS, 9.6 AI score, 0.01216 EPSS
Exploits: 0, References: 3, Affected Software: 1