
1154 matches found

NVD
added 2021/03/15 5:15 p.m., 8 views

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC provided by...

9.8 CVSS, 0.01432 EPSS
Exploits 1, References 1
Prion
added 2021/03/15 5:15 p.m., 11 views

Design/Logic Flaw

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC provided by...

7.5 CVSS, 9.6 AI score, 0.01432 EPSS
Exploits 1, References 1
CVE
added 2021/03/15 4:40 p.m., 49 views

CVE-2021-23355

CVE-2021-23355 affects all versions of the npm package ps-kill. The vulnerability arises from unsafely passing attacker-controlled input to Node.js’s child_process.exec in the index.js kill function, enabling arbitrary command execution. Proof-of-concept demonstrates invoking a shell command via...

9.8 CVSS, 7.8 AI score, 0.01432 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/03/15 4:40 p.m., 11 views

CVE-2021-23355 Arbitrary Command Injection

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC provided by...

5.6 CVSS, 9.9 AI score, 0.01432 EPSS
Exploits 1, References 1
CVE
added 2021/03/15 4:40 p.m., 45 views

CVE-2021-23356

CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...

9.8 CVSS, 7.9 AI score, 0.01432 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/03/15 4:40 p.m., 13 views

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

5.6 CVSS, 9.9 AI score, 0.01432 EPSS
Exploits 1, References 1
ATTACKERKB
added 2021/03/15 4:38 p.m., 2 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

9.8 CVSS, 5.8 AI score, 0.01432 EPSS
Exploits 1, References 2
ATTACKERKB
added 2021/03/15 4:37 p.m., 1 view

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC provided by...

9.8 CVSS, 5.8 AI score, 0.01432 EPSS
Exploits 1, References 2
CNNVD
added 2021/03/15 12:00 a.m., 1 view

Npm ps-kill Command Injection Vulnerability

Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...

9.8 CVSS, 6 AI score, 0.01432 EPSS
Exploits 1, References 2
CNNVD
added 2021/03/15 12:00 a.m., 1 view

Npm Kill-Process-By-Name Command Injection Vulnerability

Npm Kill-Process-By-Name is an application from Npm, Inc. that kills all processes of a program using the program name. A security vulnerability exists in kill-process-by-name, which can be exploited by an attacker to execute arbitrary...

9.8 CVSS, 8.7 AI score, 0.01432 EPSS
Exploits 1, References 2
vulnersOsv
added 2021/02/23 5:55 p.m., 2 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

9.8 CVSS, 7.2 AI score, 0.01432 EPSS
Exploits 1
Snyk
added 2021/02/23 5:55 p.m., 2 views

Arbitrary Command Injection

Overview: kill-process-by-name is a package that kills all processes by a certain program. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

9.8 CVSS, 7.4 AI score, 0.01432 EPSS
Exploits 1, References 2
Snyk
added 2021/02/23 5:47 p.m., 1 view

Arbitrary Command Injection

Overview: kill-by-port is a package that kills a process by port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

8.8 CVSS, 7.5 AI score, 0.00998 EPSS
Exploits 1, References 2
Snyk
added 2021/02/23 4:56 p.m., 1 view

Arbitrary Command Injection

Overview: ps-kill is a package to kill processes with ease. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exe...

9.8 CVSS, 7.3 AI score, 0.01432 EPSS
Exploits 1, References 2
ThreatPost
added 2021/02/12 3:34 p.m., 203 views

Florida Water Plant Hack: Leaked Credentials Found in Breach Database

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...

7.3 AI score
Exploits 0, References 9
Akamai Blog
added 2021/02/11 2:00 p.m., 43 views

Credential Stuffing and Account Takeovers -- The Business View

Account takeovers (ATOs), in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like...

1.2 AI score
Exploits 0
Cvelist
added 2021/02/01 3:30 p.m., 11 views

CVE-2020-28426 Command Injection

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

7.3 CVSS, 7.4 AI score, 0.0691 EPSS
Exploits 1, References 1
CVE
added 2021/02/01 3:30 p.m., 42 views

CVE-2020-28426

Summary: CVE-2020-28426 affects the npm package kill-process-on-port. All versions are vulnerable to Command Injection through the a.getProcessPortId function. Concrete details across sources include exploit scenario via getProcessPortId and the fact that input can be unsafely processed, enabling...

7.5 CVSS, 7.4 AI score, 0.0691 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/02/01 12:00 a.m., 2 views

kill-process-on-port Command Injection Vulnerability

Radarsu kill-process-on-port is an Npm codebase that can be used to support aborting application processes by Radarsu individual developers. kill-process-on-port suffers from a command injection vulnerability that stems from packets being vulnerable to injection via the a.getProcessPortId command...

7.5 CVSS, 7.1 AI score, 0.0691 EPSS
Exploits 1, References 2
Akamai Blog
added 2020/12/15 2:00 p.m., 96 views

Stopping Active Attacks with Penalty Box

A web application firewall (WAF) is most often used by organizations for external security controls to detect and block individual attack attempts against target web application assets. Open Web Application Security Project (OWASP) risk rating methodology. Unfortunately, today's sophisticated web...

7.7 AI score
Exploits 0