The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
View Full Alert
Related Posts
CVE-2018-21268The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely…
CVE-2018-17792MDaemon Webmail (formerly WorldClient) has CSRF. View Full Alert
CVE-2018-14919LOYTEC LGATE-902 6.3.2 devices allow XSS. View Full Alert
