Lucene search

14 matches found

Snyk
added 2025/11/26 10:9 p.m., 3 views

Arbitrary Command Injection

Overview: willitmerge is a command line tool to check if pull requests are mergeable. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the use of insecure child process execution API exec. An attacker can execute arbitrary system commands by supplying craft...

CVSS 9.8 | AI score 8 | EPSS 0.02371
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 8:7 a.m., 6 views

CVE-2019-14334

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...

CVSS 5.5 | AI score 6.9 | EPSS 0.0043
Exploits: 3 | References: 1
BDU FSTEC
added 2024/11/18 12:0 a.m., 3 views

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of SSH and Telnet protocols implemented by the microprogramming software of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 9 | AI score 5.9 | EPSS 0.01325
Exploits: 0 | References: 4
NVD
added 2022/12/30 11:15 a.m., 30 views

CVE-2022-43396

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

CVSS 8.8 | EPSS 0.56844
Exploits: 0 | References: 1
OSV
added 2020/11/06 7:15 p.m., 3 views

CVE-2020-3600

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI...

CVSS 7.8 | AI score 7.1 | EPSS 0.00283
Exploits: 0 | References: 1
Hacker One
added 2020/04/30 9:41 p.m., 96 views

Node.js third-party modules: [devcert] Command Injection via insecure command formatting

I would like to report a Command Injection issue in the devcert module. It allows to execute arbitrary commands on the victim's PC. Module: module name: devcert; version: 1.1.0; npm page: https://www.npmjs.com/package/devcert. Module Description: devcert - Development SSL made easy. Module Stats: 276,46...

CVSS 7.5 | AI score 0.1 | EPSS 0.02774
Exploits: 1
Hacker One
added 2020/01/11 10:55 p.m., 24 views

Node.js third-party modules: [blamer] RCE via insecure command formatting

I would like to report a RCE issue in the blamer module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: blamer; version: 0.1.13; npm page: https://www.npmjs.com/package/blamer. Module Description: Blamer is a tool for get information about author of code...

CVSS 7.5 | AI score 1.3 | EPSS 0.04164
Exploits: 1
Hacker One
added 2019/11/02 10:14 p.m., 27 views

Node.js third-party modules: [meta-git] RCE via insecure command formatting

I would like to report a RCE issue in the meta-git module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: meta-git; version: 1.1.2; npm page: https://www.npmjs.com/package/meta-git. Module Description: git plugin for meta. Module Stats: 60 downloads in the...

AI score 1.2
Exploits: 0
Hacker One
added 2019/09/28 9:22 a.m., 47 views

Node.js third-party modules: [treekill] RCE via insecure command concatenation (only Windows)

I would like to report a RCE issue in the treekill module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: treekill; version: 1.0.0; npm page: https://www.npmjs.com/package/treekill. Module Description: treekill process and it's all children and child...

CVSS 7.5 | AI score 0.1 | EPSS 0.02742
Exploits: 0
Hacker One
added 2019/09/28 9:11 a.m., 26 views

Node.js third-party modules: [node-df] RCE via insecure command concatenation

I would like to report a RCE issue in the node-df module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: node-df; version: 0.1.4; npm page: https://www.npmjs.com/package/node-df. Module Description: node-df abbreviation of disk free is a cross-platform...

CVSS 7.5 | AI score 0.1 | EPSS 0.02742
Exploits: 0
OSV
added 2018/02/16 5:29 p.m., 26 views

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 8.8 | AI score 8.1
Exploits: 0 | References: 6
CVE
added 2017/09/03 8:0 p.m., 45 views

CVE-2017-14119

The CVE-2017-14119 vulnerability affects EyesOfNetwork (eonweb) 5.1-0, specifically in module/tool_all/tools/snmpwalk.php, where popen calls are not properly restricted. This allows remote attackers to execute arbitrary commands by injecting shell metacharacters into a parameter. The issue is des...

CVSS 8.8 | AI score 9 | EPSS 0.02395
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2004/10/20 12:0 a.m., 35 views

FreeBSD : a2ps -- insecure command line argument handling (4)

The following package needs to be updated: a2ps-a4 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg8091fceaf35e11d881b0000347a4fa7d.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

AI score 6.4 | EPSS 0.15981
Exploits: 1 | References: 15
FreeBSD
added 2004/08/18 12:0 a.m., 33 views

a2ps -- insecure command line argument handling

Rudolf Polzer reports: a2ps builds a command line for file containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps .txt" in /tmp - is...

CVSS 10 | AI score 0.1 | EPSS 0.15981
Exploits: 1 | References: 2