2 matches found
openssl npm package vulnerable to command execution
The openssl aka node-openssl NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field used for command execution. NOTE: This vulnerability only affects products that are no longer supported by t...
CVE-2023-36089
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgimain in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...