CVE-2019-10803
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
Source: CVE-2019-10803
CVE-2019-10802
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.
Source: CVE-2019-10802
CVE-2019-10801
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.
Source: CVE-2019-10801
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Source: CVE-2018-21035
CVE-2020-9466
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Source: CVE-2020-9466
CVE-2020-8132
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Source: CVE-2020-8132
CVE-2019-19943
The HTTP service in quickweb.exe in Pablo Quick ‘n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
Source: CVE-2019-19943
CVE-2020-9465
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
Source: CVE-2020-9465
CVE-2020-8127
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
Source: CVE-2020-8127
CVE-2019-15609
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
Source: CVE-2019-15609