Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
CWE-78
CVE-2019-10891
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.
CVE-2019-10780
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
CVE-2019-10783
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
CVE-2019-10786
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the “execSync()” argument.
CVE-2019-10787
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the “exec” argument. The cmd argument used within index.js, can be controlled by user without any sanitization.