PT-2026-44932

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

Malicious code in randomlogs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c085eee0876092131c3f909facc237674fcfb1e02bafbafcb34230c87b3a3819 The package's main module index.js lines 6-10 exports a function mal that opens a TCP socket to 223.229.156.10:5513 and pipes a spawned shell /bin/sh...

Command Injection

Arcane is vulnerable to Command Injection. The vulnerability is due to lifecycle label values such as com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update being passed directly to /bin/sh -c without sanitization, allowing authenticated users to inject...

CVE-2026-27183

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...

EUVD-2026-14555

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...

SUSE CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane's updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x8664 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...

Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh) Shellcode (55 bytes)

Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x8664 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

Command injection

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes)

Exploit Title: Polymorphic linux x86 nc -lvve/bin/sh -p13377 shellcode 92 Bytes Exploit Author: Eduardo Silva Tested on: Linux x8664 SMP Debian 4.19.260-1 SLAE/Student ID: PA-31319 Webpage: https://0xnibbles.github.io/ Description: This shellcode is a polymorphic version of...

Debian: Security Advisory (DLA-217-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2104

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

Exploit for OS Command Injection in Docker

The repository is a proof-of-concept PoC exploit for CVE-2019-5736, a container escape vulnerability in Docker. The PoC is written in Go and is designed to overwrite the /bin/sh binary in a container with a malicious interpreter path, allowing for code execution on the host system. The exploit...

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes, xor encoded)

Exploit Title: Linux/x86 - execve /bin/sh Shellcode fstenv eip GetPC technique 70 bytes, xor encoded Exploit Author: d7x Tested on: Ubuntu x86 / shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell uses the fstenv GetPC technique to get the memory address dynamically...

Linux/x86 - setreuid(0) + execve(/bin/sh) Shellcode (29 bytes)

/ Author: Artur ajes Szymczak 2021 Function: Linux x86 shellcode, setreuid to 0 and then execute /bin/sh Size: 29 bytes Testing: $ gcc -fno-stack-protector -z execstack shellcodetester.c -o shellcode shellcodetester.c: In function ‘main’: shellcodetester.c:25:2: warning: incompatible implicit...

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)

Linux/x86 - execve/bin/sh Shellcode 17 bytes Author: s1ege Tested on: i686 GNU/Linux Shellcode length: 17 / ; nasm -felf32 shellcode.asm && ld -melfi386 shellcode.o -o shellcode section .text global start start: push 0x0b pop eax push 0x0068732f push 0x6e69622f mov ebx, esp int 0x80 / include...

Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)

Linux/x64 - execve/bin/sh Shellcode 21 bytes Author: s1ege Tested on: x8664 GNU/Linux Shellcode Length: 21 / objdump disassembly 401000: 50 push %rax 401001: 48 31 d2 xor %rdx,%rdx 401004: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx 40100b: 2f 73 68 40100e: 53 push %rbx 40100f: 54 push...