install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function.

Source

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.

Source

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.

Source

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.

Source

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.

Source

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.

Source

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.

Source

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include: SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.

Source

ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.

Source

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to craft a targeted attack.

Source