EUVD-2026-40459
Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...
EUVD-2025-210390
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary command...
CVE-2026-56415
Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...
CVE-2025-71368
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary command...
CVE-2026-56415
The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...
CVE-2025-71368 picklescan - Arbitrary Code Execution via Undetected doctest.debug_script
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary command...
CVE-2025-71368
Summary: CVE-2025-71368 affects picklescan prior to 0.0.30, which fails to detect the doctest.debug_script function when analyzing pickle files. This allows remote attackers to craft malicious pickle payloads embedding doctest.debug_script that bypass picklescan detection and trigger arbitrary co...
PT-2026-54436
Name of the Vulnerable Software and Affected Versions: Storage Concentrator SC & SCVM (affected versions not specified). Description: An issue exists where cookie values processed by the login.pl and debug.pl scripts are incorporated directly into database queries without adequate sanitization. This...
EUVD-2025-29478
Malicious code in bioql PyPI...
EUVD-2025-22092
Malicious code in bioql PyPI...
Arbitrary Code Execution (ACE)
picklescan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of doctest.debug_script to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...
GHSA-FQQ6-7VQF-W3FG Picklescan is missing detection when calling built-in python doctest.debug_script
Summary: Using the doctest.debug_script function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the doctest.debug_script function in the reduce method. Then, when the victim...
CVE-2025-46117
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .ap_debug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...
CVE-2025-46117
CVE-2025-46117 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (prior to 10.5.1.0.279). The root cause is improper sanitization of inputs to a hidden debug script (.ap_debug.sh) invoked from the restricted CLI, allowing an authenti...
PT-2023-4940 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25. Description: The issue exists due to inadequate protection of the web page structure in the data_debug.php script of the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripti...
Revize CMS Query_results.JSP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15481/info Revize CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
TYPO3 Security Bulletin
A debug script exposes system information provided by phpinfo. By default, the script can be executed by a remote user. Component Type: Core. Affected Component: Debug Script. Version: 3.8.0 and earlier. Vulnerability Type: Information Disclosure. Severity: Low. Problem Description: A debug script...