Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview mcp-nmap-server is a MCP server for performing network scanning using NMAP Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the childprocess.exec function in the Nmap CLI Command...

CVE-2026-3484

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

MCP NMAP Server 命令注入漏洞

MCP NMAP Server is a large model context server developed by Phiality’s individual developers. The MCP NMAP Server has a command injection vulnerability, which stems from the command childprocess.exec in the nmap CLI Command Handler component’s src/index.ts file...

PT-2026-22811

Name of the Vulnerable Software and Affected Versions PhialsBasement nmap-mcp-server versions up to bee6d23547d57ae02460022f7c78ac0893092e38 Description A command injection issue exists in the child process.exec function within the Nmap CLI Command Handler component, located in the src/index.ts...

EUVD-2024-55323

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287

The CVE concerns reNgine 2.2.0, where a command-injection flaw exists in the nmap_cmd parameter of the scan engine configuration. The underlying issue allows authenticated attackers to modify the nmap_cmd field with malicious base64-encoded payloads, enabling remote code execution during scan eng...

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

PT-2025-50741

Name of the Vulnerable Software and Affected Versions reNgine version 2.2.0 Description The software contains a command injection issue in the nmap cmd parameter within the scan engine configuration. Authenticated attackers can execute arbitrary commands by modifying the nmap cmd parameter with...

EUVD-2017-6729

Malware in sbrugna...

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...

reNgine 注入漏洞

reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data association and organization, continuous monitoring, supported by a database and a...

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...

Exploitivator - Automate Metasploit Scanning And Exploitation

This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/ Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev...

CVE-2018-15840

TP-Link TL-WR840N devices allow remote attackers to cause a denial of service networking outage via fragmented packets, as demonstrated by an "nmap -f" command...

HDX applications fails to launch and errors out with an error message “Engine was not loaded, There is no Citrix SSL Server configured on the specified address. Error Number 183”.

HDX applications fail to launch and error out with an error message “Engine was not loaded, There is no Citrix SSL Server configured on the specified address. Error Number 183”. From the Client side trace we see that theclient is unable to make TCP connection with the Second AG Vserver on custom...

Cisco IOS <= 12.0.2 Syslog Crash

No description provided by source. source: http://www.securityfocus.com/bid/675/info Cisco devices running classic IOS are reported prone to a denial of service vulnerability. The issue occurs when a vulnerable device receives and processes a UDP packet on UDP port 514 for syslog. This issue...

Denial of Service in Lotus Domino 5.08 and earlier HTTP Server

There exists a DOS in the current version of Lotus Domino 5.08 and earlier. The DOS manifests itself on Lotus Domino servers with the http task running and ssl enabled. A connection to the victim on port 443 with the nmap '-sR' switch will target this port with SunRPC program NULL commands in an...