CVE-2021-23363

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23363

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Design/Logic Flaw

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23363 Arbitrary Command Injection

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23363

The CVE affects the npm package kill-by-port (before v0.0.2). The root cause is unsanitized attacker-controlled input passed to child_process.exec, enabling Arbitrary Command Injection. Documented impact is arbitrary command execution via input to killByPort, with examples and a PoC in Snyk data ...

CVE-2021-23363

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Guy Mograbi kill-by-port 命令注入漏洞

Guy Mograbi kill-by-port is a Guy Mograbi open source application. It is used to kill processes. A security vulnerability exists in kill-by-port before 0.0.2, which can be exploited by attackers to execute arbitrary commands...

CVE-2020-25581

In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jailremove2 implementation, it may fail to kill some of the processes...

4 Techniques for Early Ransomware Detection

If you receive a ransom note, it’s already too late. Detect and stop ransomware attacks early in the kill chain with these 4 techniques...

Command injection in kill-process-on-port

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

GHSA-5WQJ-F379-6JH4 Command injection in kill-process-on-port

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

GHSA-7QMM-Q394-FMCH Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

Npm ps-kill command injection vulnerability

Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...

Remote Code Execution (RCE)

ps-kill is vulnerable to remote code execution. The childprocess exec function in index.js file does not sanitize the user-provided data to the kill function, allowing to execute malicious code via var pskill = require'ps-kill'; pskill.kill'$touch success',function;...

USN-4808-1 tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...