51 matches found
CVE-2018-13797
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...
CVE-2018-13797
CVE-2018-13797 (nodejs-macaddress) affects the macaddress module for Node.js prior to 0.2.9. The root cause is unsanitized input passed to an exec call (not execFile), enabling arbitrary command injection. This could lead to remote command execution, impacting confidentiality, integrity, and avai...
Command Injection
Overview All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method. Recommendation Update to version 0.2.9 or later. References - HackerOne Report - Github PR 20 - GitHub Advisory...
Remote Code Execution (RCE)
macaddress is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization of the iface argument, allowing arbitrary shell commands to be injected and executed through it...
Node.js third-party modules: `macaddress` concatenates unsanitized input into exec() command
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report code injection i...
129.217.235.39 XSS vulnerability
Vulnerable URL: http://129.217.235.39/pbio/uncfgdev.html?MACADDRESS=30055c87ec02=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...
SQL injection
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbotservice.php; the ID parameter to...
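Dell Kace 1000 Systems Management Appliance: multiple SQL injection vulnerabilities
BUGTRAQ ID: 65029 The Dell Kace 1000 Systems Management Appliance is a systems management appliance. Dell Kace 1000 Systems Management Appliance 5.4.76847 and other versions do not properly filter the "macAddress" parameter value of the getUploadPath and getKBot SOAP methods, which allows arbitrary SQL code to be injected and SQL queries to be manipulated. 0 Dell Kace 1000 Systems Management Appliance 5.4.76847 Vendor patch: Dell ----...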