
340 matches found

RedhatCVE
added 2025/05/22 10:46 p.m. · 3 views

CVE-2022-29592

Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via setroute called by doSystemCmdroute...

CVSS 10 · AI score 7.7 · EPSS 0.19261
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:35 a.m. · 10 views

CVE-2019-19383

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)...

CVSS 8.8 · AI score 7.1 · EPSS 0.02813
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 1:16 a.m. · 4 views

CVE-2010-4711

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command...

CVSS 10 · AI score 8 · EPSS 0.13586
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 7:41 p.m. · 7 views

CVE-2001-1587

NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command...

CVSS 5 · AI score 7 · EPSS 0.01148
Exploits 0 · References 1

NVD
added 2025/05/19 3:15 p.m. · 11 views

CVE-2025-48280

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through = 5.2.1.3...

CVSS 7.6 · EPSS 0.00288
Exploits 0 · References 1

Cvelist
added 2025/05/18 2:0 a.m. · 10 views

CVE-2025-4848 FreeFloat FTP Server RECV Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 7.5 · EPSS 0.00588
Exploits 1 · References 4

Cvelist
added 2025/05/04 11:31 p.m. · 32 views

CVE-2025-4254 PCMan FTP Server LIST Command buffer overflow

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LIST Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...

CVSS 7.5 · EPSS 0.00588
Exploits 1 · References 4

Positive Technologies
added 2025/04/07 12:0 a.m. · 3 views

PT-2025-15242 · Unknown · Pcman Ftp Server

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7 Description: A critical issue was found in the MKDIR Command Handler component, affecting an unknown function, which leads to a buffer overflow. This issue can be exploited remotely. Recommendations: For PCMan F...

CVSS 9.8 · AI score 7.2 · EPSS 0.0062
Exploits 1 · References 9

Vulnrichment
added 2025/04/01 10:3 p.m. · 8 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 · AI score 7.2 · EPSS 0.0029
Exploits 0 · References 2

NVD
added 2025/03/28 3:15 a.m. · 19 views

CVE-2025-24380

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

CVSS 7.8 · EPSS 0.00524
Exploits 0 · References 1

CNNVD
added 2025/03/25 12:0 a.m. · 2 views

AquilaCMS Buffer Error Vulnerability

AquilaCMS is a complete multipurpose open source CMS from the AquilaCMS team. A security vulnerability exists in AquilaCMS that stems from the fact that sending a malicious remote command can result in a segmentation error...

CVSS 7.5 · AI score 6.9 · EPSS 0.00422
Exploits 1 · References 3

OSV
added 2025/03/11 3:15 p.m. · 1 view

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

CVSS 8.8 · AI score 5.9 · EPSS 0.00477
Exploits 0 · References 1

ATTACKERKB
added 2025/03/11 3:15 p.m. · 2 views

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

CVSS 8.8 · AI score 5.7 · EPSS 0.00477
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/03/11 2:54 p.m. · 5 views

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

CVSS 8.8 · EPSS 0.00477
Exploits 0 · References 1

CVE
added 2025/03/11 2:54 p.m. · 61 views

CVE-2024-52961

CVE-2024-52961 affects Fortinet FortiSandbox OS command handling. Affected are FortiSandbox versions 3.0–5.0.0 (various 3.x and 4.x releases; 5.0.0 cited). The vulnerability is due to improper neutralization of specific elements used in an OS command, allowing an authenticated attacker with read-...

CVSS 8.8 · AI score 6.5 · EPSS 0.00477
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/03/03 2:15 p.m. · 4 views

CVE-2025-25150

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix uListing ulisting allows Blind SQL Injection. This issue affects uListing: from n/a through = 2.1.6...

CVSS 9.3 · EPSS 0.00375
Exploits 0 · References 1

NVD
added 2025/02/25 3:15 p.m. · 5 views

CVE-2025-26974

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection. This issue affects WP Multistore Locator: from n/a through = 2.5.1...

CVSS 9.3 · EPSS 0.00487
Exploits 0 · References 1

CVE
added 2025/02/14 7:10 a.m. · 74 views

CVE-2025-22630

CVE-2025-22630 concerns the WordPress plugin Widget Options. The vulnerability is a Command Injection (improper neutralization of special elements) that allows OS Command Injection and potentially Arbitrary Code Execution. Affected software: Widget Options versions

CVSS 9.9 · AI score 7.2 · EPSS 0.01187
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 8:3 p.m. · 9 views

CVE-2022-22301

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...

CVSS 7.8 · AI score 7.1 · EPSS 0.00275
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 7:32 p.m. · 9 views

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 9.9 · AI score 7 · EPSS 0.01474
Exploits 0 · References 1