CWE-78

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).

ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.

An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param.

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.