2659 matches found

Veracode
added 2020/01/13 12:54 a.m. | 17 views

Arbitrary Code Injection

hot-formula-parser is vulnerable to arbitrary code injection. The vulnerability exists due to the lack of sanitization of the value of yytext, which is used in the exec command...

CVSS 9.8 | AI score 3.4 | EPSS 0.00547
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2020/01/09 4:0 a.m. | 18 views

Command Injection

devcert-sanscache is vulnerable to OS command injection. The commonName parameter used to generate a developer SSL certificate is not validated and sanitized, allowing for command injection as the value is subsequently passed into an exec function...

CVSS 9.8 | AI score 3.2 | EPSS 0.01921
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2020/01/09 12:53 a.m. | 23 views

Arbitrary Command Injection

aws-lambda is vulnerable to arbitrary command injection. The vulnerability exists due to the lack of sanitization on the value of config.FunctionName, allowing injection payloads to reach the exec function...

CVSS 9.8 | AI score 3.9 | EPSS 0.00513
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/01/08 4:15 p.m. | 10 views

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

CVSS 9.8 | AI score 9.9 | EPSS 0.01921
Exploits: 0 | References: 1

Cvelist
added 2020/01/08 3:3 p.m. | 13 views

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

AI score 10 | EPSS 0.01921
Exploits: 0 | References: 1

CNVD
added 2020/01/08 12:0 a.m. | 1 views

Unspecified Vulnerability in MojoHaus Exec Maven plugin for Maven

MojoHaus Exec Maven plugin for Maven is a plug-in for the Maven software project management and automated build tool that supports the execution of Java programs. A security vulnerability exists in MojoHaus Exec Maven plugin for Maven version 1.1.1. The vulnerability can be exploited by an...

CVSS 9.8 | AI score 7.5 | EPSS 0.00769
Exploits: 0 | References: 1

Snyk
added 2020/01/07 4:41 p.m. | 1 views

Command Injection

Overview: aws-lambda is a command line tool to deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctionName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...

CVSS 9.8 | AI score 7.5 | EPSS 0.00513
Exploits: 0 | References: 2

CNVD
added 2020/01/07 12:0 a.m. | 1 views

rConfig Remote Code Execution Vulnerability

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig version 3.9.3, which originates from the program failing to filter the 'path' parameter before passing it directly to the 'exec' function. The vulnerability can be exploited by a remote...

CVSS 9 | AI score 7.3 | EPSS 0.91901
Exploits: 13 | References: 1

Prion
added 2020/01/06 8:15 p.m. | 25 views

Command injection

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

CVSS 9 | AI score 8.2 | EPSS 0.91901
Exploits: 13 | References: 6 | Affected Software: 1

Cvelist
added 2020/01/06 7:27 p.m. | 14 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

AI score 8.8 | EPSS 0.91901
Exploits: 13 | References: 6

NVD
added 2020/01/06 2:15 p.m. | 8 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

CVSS 9.8 | AI score 9.5 | EPSS 0.00769
Exploits: 0 | References: 3

Prion
added 2020/01/06 2:15 p.m. | 17 views

Code injection

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

CVSS 7.5 | AI score 9.4 | EPSS 0.00769
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2020/01/06 1:46 p.m. | 38 views

CVE-2019-20343

The CVE-2019-20343 issue affects the MojoHaus Exec Maven plugin for Maven (version 1.1.1). A crafted XML document can trigger code execution because a configuration element (within a plugin element) can specify an arbitrary program in an executable element and may include arbitrary command-line a...

CVSS 9.8 | AI score 9.4 | EPSS 0.00769
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/01/06 1:46 p.m. | 10 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

AI score 9.6 | EPSS 0.00769
Exploits: 0 | References: 3

0day.today
added 2019/12/30 12:0 a.m. | 176 views

HomeAutomation 3.3.2 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Remote Code Execution Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...

AI score 7.1
Exploits: 0

OSV
added 2019/12/24 10:15 p.m. | 21 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

CVSS 9.9 | AI score 9.7 | EPSS 0.94352
Exploits: 3 | References: 2

Cvelist
added 2019/12/24 9:8 p.m. | 28 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

AI score 9.7 | EPSS 0.94352
Exploits: 3 | References: 1

CVE
added 2019/12/24 9:8 p.m. | 1015 views

CVE-2019-10758

MongoDB mongo-express ≤0.53.x is vulnerable to Remote Code Execution via endpoints using toBSON, due to unsafe use of the vm module to run exec commands. Affected component: mongo-express server-side routes that invoke toBSON. Root cause: misusing vm to execute commands in a non-safe environment....

CVSS 9.9 | AI score 9.5 | EPSS 0.94352
In wild | Exploits: 3 | References: 2 | Affected Software: 1

Mageia
added 2019/12/15 6:3 p.m. | 52 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed retrieving the guest hostname under readonly mode (CVE-2019-3886). Wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132). Arbitrary file read/exec via...

CVSS 8.8 | AI score 7.1 | EPSS 0.01283
Exploits: 1 | References: 5

Tenable Nessus
added 2019/12/13 12:0 a.m. | 46 views

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access (cisco-sa-20180926-privesc)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux file system on a device. An authenticated, local attacker who has...

CVSS 7.2 | AI score 7.1 | EPSS 0.00112
Exploits: 0 | References: 3