4 matches found
OpenSTAManager has an OS Command Injection in P7M File Processing
Summary: A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...
CVE-2021-23376
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Arbitrary Command Injection
Overview: ffmpegdotjs is an FFMPEG module for nodejs. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...
Command Injection
Overview: network-manager is a working with ethernet and wifi interfaces. Affected versions of this package are vulnerable to Command Injection. The runCommand function within common.js file is called by getDevices function in file linux/manager.js, which is required by the index.process.env.NMCLI...