CVE-2025-53107

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

CVE-2019-10631

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...

CVE-2018-16593

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

CVE-2017-1000203

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...

SUSE CVE-2017-9328

Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root...

Debian: Security Advisory (DSA-5139-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] openssl

New openssl packages are available for Slackware 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1o-i586-1slack15.0.txz: Upgraded. Fixed a bug in the crehash script which was not properly sanitising shell...

CVE-2022-1292 The c_rehash script allows command injection

The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

Design/Logic Flaw

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVE-2021-35062

The CVE-2021-35062 entry describes a Shell Metacharacter Injection in the file result.php of the DRK Odenwaldkreis Testerfassung March-2021 . The flaw allows an attacker who has a valid COVID-19 test result token to trigger shell commands with the web server’s privileges, indicating a remote comm...

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

Design/Logic Flaw

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

CVE-2021-26747

The CVE-2021-26747 entry affects Netis devices: WF2780 (version 2.3.40404) and WF2411 (version 1.1.29629). The connected sources describe a vulnerability where shell metacharacters in the ping command enable remote code execution. This is the explicit attack vector and impact stated in multiple r...

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

CVE-2020-15489

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges...

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...