2659 matches found

OSV
added 2020/04/23 6:15 p.m. | 2 views

CVE-2020-8797

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...

6.7 CVSS | 5.8 AI score | 0.00668 EPSS
Exploits: 1 | References: 1

NVD
added 2020/04/23 6:15 p.m. | 11 views

CVE-2020-8797

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...

6.9 CVSS | 6.7 AI score | 0.00668 EPSS
Exploits: 1 | References: 1

Github Security Blog
added 2020/04/14 11:9 p.m. | 74 views

OS Command Injection in devcert-sanscache

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

9.8 CVSS | 7.4 AI score | 0.01921 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

0day.today
added 2020/04/14 12:0 a.m. | 46 views

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter) Exploit

Exploit Title: B64dec 1.1.2 - Buffer Overflow SEH Overflow + Egg Hunter Exploit Author: Andy Bowden Vendor Homepage: http://4mhz.de/b64dec.html Software Link: http://4mhz.de/download.php?file=b64dec-1-1-2.zip Version: Base64 Decoder 1.1.2 Tested on: Windows 10 x86 Instructions: Run the script to...

0.3 AI score
Exploits: 0

Huntr
added 2020/04/13 12:0 a.m. | 15 views

Code Injection in heroku/heroku-exec-util

Description The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var heu = require'heroku-exec-util'; heu.sshargs:,'test; touch...

2 AI score
Exploits: 0

Node.js
added 2020/04/09 9:2 p.m. | 22 views

Command Injection

Overview: All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function. This may allow attackers to execute arbitrary code in the system if the device value passed to the function is...

7.5 CVSS | 5.9 AI score | 0.01334 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2020/04/07 2:15 p.m. | 18 views

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

9.8 CVSS | 9.5 AI score | 0.01346 EPSS
Exploits: 1 | References: 2

OSV
added 2020/04/07 2:15 p.m. | 1 view

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

9.8 CVSS | 7.3 AI score
Exploits: 0 | References: 2

Prion
added 2020/04/07 2:15 p.m. | 19 views

Command injection

npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

7.5 CVSS | 9.4 AI score | 0.01346 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/07 1:21 p.m. | 17 views

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

9.6 AI score | 0.01346 EPSS
Exploits: 1 | References: 2

Veracode
added 2020/04/07 6:34 a.m. | 14 views

OS Command Injection

diskusage-ng is vulnerable to OS Command Injection. The vulnerability exists as the value of path is not sanitized, and is used in exec...

9.8 CVSS | 2.9 AI score | 0.01227 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2020/04/06 9:15 p.m. | 13 views

CVE-2020-11581

An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell...

9.3 CVSS | 8.6 AI score | 0.39323 EPSS
Exploits: 1 | References: 2

Veracode
added 2020/04/06 5:54 a.m. | 16 views

OS Command Injection

node-key-sender is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of arrParams used in exec...

9.8 CVSS | 3.3 AI score | 0.01227 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/04/06 5:53 a.m. | 19 views

OS Command Injection

effect is vulnerable to OS command injection. The vulnerability exists as it does not sanitize the value of cmd that is used by exec...

9.8 CVSS | 2.9 AI score | 0.01227 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2020/04/06 5:49 a.m. | 16 views

OS Command Injection

install-package and umount are vulnerable to OS command injection. The vulnerabilities exist as the values of args were not sanitized when used in exec...

9.8 CVSS | 2.9 AI score | 0.01334 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Snyk
added 2020/04/01 12:0 a.m. | 2 views

Command Injection

Overview npm-programmatic is a library that allows you to access npm commands programmatically from javascript. Affected versions of this package are vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the exec...

9.8 CVSS | 5.9 AI score | 0.01346 EPSS
Exploits: 1 | References: 2

Prion
added 2020/03/23 10:15 p.m. | 12 views

Command injection

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

7.5 CVSS | 9.6 AI score | 0.86178 EPSS
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/23 9:44 p.m. | 11 views

CVE-2020-10879

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

9.7 AI score | 0.86178 EPSS
Exploits: 3 | References: 2

Tenable Nessus
added 2020/03/19 12:0 a.m. | 30 views

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access (cisco-sa-20180328-privesc3)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to improperly sanitizing command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with privileged EXEC mode privilege level 15...

7.2 CVSS | 7.1 AI score | 0.00062 EPSS
Exploits: 0 | References: 3

Veracode
added 2020/03/17 6:3 a.m. | 18 views

OS Command Injection

closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands...

9.8 CVSS | 4.6 AI score | 0.00426 EPSS
Exploits: 1 | References: 1 | Affected Software: 1