42 matches found
EUVD-2019-19740
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the scripttest.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content'...
CVE-2026-28269
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
Output Injection
Badkeys is vulnerable to output injection. The vulnerability is due to improper handling and sanitization of control characters in input, which allows an attacker to inject malicious content that produces misleading or manipulated command-line output when scanning DKIM keys, SSH keys, or filename...
EUVD-2022-38393
Malicious code in bioql PyPI...
Exploit for Code Injection in Langflow
mitsec - CVE-2025-3248 Langflow RCE Exploit Remote Code Execu...
CVE-2025-49141
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The set_remote function later passes this input into proc_open, yielding OS...
CVE-2022-35505
A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...
CVE-2025-2157 Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited...
Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services
CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...
RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals
Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
...
Exploit for Improper Neutralization of Escape, Meta, or Control Sequences in Kernel Util-Linux
Wall-Escape CVE-2024-28085 The util-linux wall command does...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
PT-2022-22872 · Unknown · Triplecross
Name of the Vulnerable Software and Affected Versions: TripleCross version 0.1.0 Description: A segmentation fault occurs when sending a control command from the client to the server. This issue arises because there is no limit to the length of the output of the executed command. Recommendations:...