Command injection in kill-process-on-port

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

GHSA-7QMM-Q394-FMCH Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

Npm ps-kill command injection vulnerability

Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...

Remote Code Execution (RCE)

ps-kill is vulnerable to remote code execution. The childprocess exec function in index.js file does not sanitize the user-provided data to the kill function, allowing to execute malicious code via var pskill = require'ps-kill'; pskill.kill'$touch success',function;...

USN-4808-1 tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

Design/Logic Flaw

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

CVE-2021-23355

CVE-2021-23355 affects all versions of the npm package ps-kill . The vulnerability arises from unsafely passing attacker-controlled input to Node.js’s child_process.exec in the index.js kill function, enabling arbitrary command execution. Proof-of-concept demonstrates invoking a shell command via...

CVE-2021-23355 Arbitrary Command Injection

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

CVE-2021-23356

CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

Npm ps-kill 命令注入漏洞

Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...

Npm Kill-Process-By-Name 命令注入漏洞

Npm Kill-Process-By-Name is an application from Npm, Inc. that kills all processes of a program using the program name. It kills all processes of a program using the program name. A security vulnerability exists in kill-process-by-name, which can be exploited by an attacker to execute arbitrary...