22 matches found
CVE-2026-45406
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
📄 thumbler 1.1.2 Command Injection
thumbler through version 1.1.2 allows OS command injection in thumbnail in lib/thumbler.js. The package concatenates the input, output, time, and size values into a single ffmpeg command string and executes that string with childprocess.exec. An attacker who controls one of those values can injec...
EUVD-2020-1428
Malware in sbrugna...
EUVD-2020-1498
Malware in sbrugna...
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2020-26300
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix...
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
discordrb OS Command Injection vulnerability
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102
The CVE-2023-28102 issue affects the discordrb Ruby library, where the encoder.rb code path before commit 91e13043ffa unsafely constructs a shell command using a file parameter. This can allow an attacker-controlled input to reach the vulnerable method and execute arbitrary shell commands on the ...
CVE-2020-26300
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix...
CVE-2020-26300
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix...
Command injection
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix...
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
Command injection
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
Command Injection
Overview There is a command injection vulnerability in systeminformation which allows for injection of commands to the command line of your machine. Affected commands: inetLatency. The problem was fixed by sanitizing the shell string. Recommendation Upgrade to version 4.31.1 or later. References ...
CVE-2020-26274 Command Injection Vulnerability in systeminformation
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
Command Injection in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.26.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to is.services, is.inetChecksite, si.inetLatency,...
GHSA-94XH-2FMC-XF5J systeminformation command injection vulnerability
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...