CVE-2023-7311

CVE-2023-7311 affects the BYTEVALUE Intelligent Flow Control Router. A command-injection flaw exists in the /goform/webRead/open endpoint where the unvalidated path parameter is echoed into a shell, enabling arbitrary shell command execution. This can lead to writing backdoors, host privilege esc...

PT-2025-42220

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...

PT-2025-41471

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions prior to 2023.1 Description Newforma Info Exchange NIX contains a flaw in the /UserWeb/Common/UploadBlueimp.ashx API endpoint that allows an authenticated attacker to upload arbitrary files to any location...

EUVD-2018-1006

Malware in sbrugna...

EUVD-2020-26478

Malware in sbrugna...

EUVD-2012-6587

Malware in sbrugna...

EUVD-2017-12006

Malware in sbrugna...

EUVD-2021-25190

Malware in sbrugna...

EUVD-2024-54950

Malicious code in bioql PyPI...

EUVD-2022-6740

Malicious code in bioql PyPI...

EUVD-2025-23537

Malicious code in bioql PyPI...

EUVD-2025-25196

Malicious code in bioql PyPI...

CVE-2009-20010

Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...

CVE-2025-30056

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

CVE-2025-30056

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

CVE-2025-30056

Technical details about CVE-2025-30056 are not provided in the connected documents. Monitor for updates to identify affected products, root cause, impact, and remediation.

CGM CLININET 代码注入漏洞

CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a code injection vulnerability that originates when the RunCommand function accepts arbitrary parameters and passes them to the shell for execution, which could lead to the execution of...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

CVE-2012-10041 WAN Emulator v2.3 Command Execution

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...