CVE-2026-34977

Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...

Exploit for OS Command Injection in Std42 Elfinder

CVE-2019-9194 — elFinder Command Injection PoC Command in...

EUVD-2020-5136

Malware in sbrugna...

Rukovoditel 3.3.1 - Remote Code Execution Vulnerability

Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

CVE-2020-12854

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...

Coppermine Photo Gallery 1.0 PHP Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker...