6 matches found
CVE-2026-15428
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2026-27602
Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
PT-2026-7940
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash...
EUVD-2005-0696
Malware in sbrugna...
Article Factory Manager SQL Injection Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Article Factory Manager component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...