Lucene search

16 matches found

Debian CVE
added 2026/05/28 7:25 a.m. (8 views)

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9.8, AI score 5.9, EPSS 0.01869
Exploits 0

CNNVD
added 2026/05/28 12:00 a.m. (6 views)

Samba OS Command Injection Vulnerability

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which stems from the incorrect escaping of shell metacharacters when the “check password” script uses the %u character...

CVSS 9, AI score 5.8, EPSS 0.01869
Exploits 0, References 3

Positive Technologies
added 2026/05/26 12:00 a.m. (10 views)

PT-2026-43438

Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified). Description: A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

CVSS 8, AI score 5.8, EPSS 0.02803
Exploits 0, References 74

NVD
added 2026/05/08 1:16 p.m. (15 views)

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2, EPSS 0.01432
Exploits 0, References 3

Cvelist
added 2026/05/08 12:35 p.m. (37 views)

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2, EPSS 0.01432
Exploits 0, References 3

CNNVD
added 2026/05/08 12:00 a.m. (7 views)

DrayTek Vigor 2960 OS Command Injection Vulnerability

The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...

CVSS 9.2, AI score 6.4, EPSS 0.01432
Exploits 0, References 1

EUVD
added 2025/12/14 6:30 a.m. (2 views)

EUVD-2025-203278

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 7.5, AI score 6.3, EPSS 0.00379
Exploits 1, References 6

OSV
added 2025/12/14 4:15 a.m. (2 views)

CVE-2025-14643

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 9.8, AI score 5.7, EPSS 0.00379
Exploits 1, References 5

EUVD
added 2025/10/03 8:07 p.m. (2 views)

EUVD-2021-32563

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.01925
Exploits 1, References 4

CNNVD
added 2025/08/19 12:00 a.m. (3 views)

Linksys E5600 Security Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version 1.1.0.26, which originates from the presence of a risky encryption algorithm in the file checkFw.sh in the component Firmware Handler...

CVSS 8.1, AI score 6.8, EPSS 0.00485
Exploits 1, References 7

GithubExploit
added 2024/03/15 10:38 a.m. (394 views)

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed explan...

CVSS 8.6, AI score 7.6, EPSS 0.16775
Exploits 18

Mageia
added 2023/11/20 10:04 a.m. (149 views)

Updated haproxy packages fix security vulnerability

Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8. Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates. Use a check script to have config check result in error log on failure. Fix...

CVSS 7.2, AI score 7.3, EPSS 0.01815
Exploits 1, References 2

Tenable Nessus
added 2019/10/31 12:00 a.m. (239 views)

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)

This update for provides the following fixes: Following security issues were fixed: CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync bsc1154598. CVE-2019-10218: Client code could have returned filenames containing path separators bsc1144902...

CVSS 6.5, AI score 6.2, EPSS 0.03515
Exploits 1, References 12

BDU FSTEC
added 2019/02/07 12:00 a.m. (3 views)

The vulnerability of the disk-check.sh and harcap.sh scripts within the Cisco Wide Area Application Services Software package allows a hacker to elevate their privileges to the root level and gain full control over the device.

The vulnerability of the disk-check.sh and harcap.sh scripts within the Cisco Wide Area Application Services Software package is related to errors in the script validation process. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level and gain full...

CVSS 6.8, AI score 6.6, EPSS 0.00392
Exploits 0, References 3

OSV
added 2004/04/15 4:00 a.m. (3 views)

DEBIAN-CVE-2004-0372

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts...

CVSS 2.1, AI score 6.7, EPSS 0.00342
Exploits 0, References 1

Debian CVE
added 2004/03/27 5:00 a.m. (11 views)

CVE-2004-0372

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts...

CVSS 2.1, AI score 4.4, EPSS 0.00342
Exploits 0