726 matches found
EUVD-2020-0299
Malware in sbrugna...
EUVD-2017-1488
Malware in sbrugna...
EUVD-2024-2640
Malicious code in bioql PyPI...
EUVD-2025-25810
Malicious code in bioql PyPI...
EUVD-2023-31711
Malicious code in bioql PyPI...
EUVD-2023-32478
Malicious code in bioql PyPI...
EUVD-2023-30292
Malicious code in bioql PyPI...
EUVD-2024-44345
Malicious code in bioql PyPI...
EUVD-2025-13911
Malicious code in bioql PyPI...
EUVD-2023-38253
Malicious code in bioql PyPI...
MCIR
The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting XSS, and shell...
Linux Distros Unpatched Vulnerability : CVE-2008-7319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments e.g., invalid hostnames containing shell metacharacters before use ...
Linux Distros Unpatched Vulnerability : CVE-2019-8427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. CVE-2019-8427 Note that Nessus relies on...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
Linux Distros Unpatched Vulnerability : CVE-2017-14100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5,...
CVE-2025-20265
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input...
CVE-2012-10037
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...
CVE-2025-2611
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...