41 matches found
GHSA-GGMW-MJHV-75RM NietThijmen ShoppingCart: Command injection in the connect function
Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...
EUVD-2024-55543
Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...
NietThijmen ShoppingCart: Command injection in the connect function
Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...
CVE-2024-53412
Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...
CVE-2024-53412
CVE-2024-53412 describes a command injection in the i/o of NietThijmen ShoppingCart 0.0.2, specifically in the connect function where user-supplied input in the Port field enables arbitrary shell commands and potential remote code execution. The public documentation identifies the vulnerability a...
CVE-2026-4281
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...
CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...
VulnCheck KEV: CVE-2025-64328
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...
EUVD-2022-4863
Malicious code in bioql PyPI...
CVE-2022-25890
All versions of the package wifey are vulnerable to Command Injection via the connect function due to improper input sanitization...
CVE-2024-27053 wifi: wilc1000: fix RCU usage in connect path
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ 333 N...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a competition between the garbage collector and the connect function previously...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...
SUSE CVE-2011-1938
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...
Command Injection
wifey is vulnerable to command injection. The vulnerability exists due to improper input sanitization in the connect function, which allows an attacker to inject maliciously crafted commands into the system...
GHSA-XJ9V-6Q2F-VQHX wifey vulnerable to Command Injection due to improper input sanitization
All versions of the package wifey are vulnerable to Command Injection via the connect function due to improper input sanitization...
Command injection
All versions of the package wifey are vulnerable to Command Injection via the connect function due to improper input sanitization...
CVE-2022-25890
The CVE-2022-25890 entry affects the Node.js package wifey, with a vulnerability in the connect() function that allows Command Injection due to improper input sanitization. Public references (e.g., Snyk, GitHub advisory) show a PoC exploit and indicate a lack of a fixed version, underscoring rea...
PT-2023-12829 · Wifey · Wifey
Name of the Vulnerable Software and Affected Versions: wifey affected versions not specified Description: The issue is related to Command Injection via the connect function due to improper input sanitization. This allows for potential exploitation. No information is provided about the estimated...