33 matches found

Veracode
added 2025/09/24 6:49 a.m. · 3 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution/deserialization: runcommand executes untrusted input (e.g., data from malicious pickle files or injected code in the interpreter context), allowing arbitrary code execution...

8 AI score
Exploits 0

CNVD
added 2025/08/29 12:0 a.m. · 2 views

CGM CLININET Code Injection Vulnerability (CNVD-2025-19812)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the RunCommand function failing to properly filter the special elements of the constructor code segment. An attacker can exploit this vulnerability t...

9.4 CVSS · 8 AI score · 0.0006 EPSS
Exploits 0 · References 1

NVD
added 2025/08/27 11:15 a.m. · 1 views

CVE-2025-30056

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

9.4 CVSS · 0.0006 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/08/27 10:23 a.m. · 1 views

CVE-2025-30056 Calling system commands via RunCommand

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

9.4 CVSS · 8.1 AI score · 0.0006 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34851 · Unknown · Runcommand

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-30056 Description: The RunCommand function accepts any parameter, which is then passed for execution in the shell, allowing an attacker to execute arbitrary code on the system. Recommendations: At the moment, there is n...

9.4 CVSS · 6.9 AI score · 0.0006 EPSS
Exploits 0 · References 6

Github Security Blog
added 2025/08/26 9:36 p.m. · 2 views

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary: Using the idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

7.9 AI score
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2022/12/21 7:12 a.m. · 15 views

Command Injection

p4 is vulnerable to command injection. The vulnerability exists due to improper input sanitization in the runCommand function, which allows an attacker to inject maliciously crafted commands into the system...

9.8 CVSS · 9.3 AI score · 0.01909 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2022/06/17 6:15 p.m. · 8 views

CVE-2022-29496

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

9.8 CVSS · 0.01054 EPSS
Exploits 1 · References 1

CNNVD
added 2022/06/15 12:0 a.m. · 2 views

Blynk Buffer Error Vulnerability

Blynk is an Internet of Things (IoT) platform from Blynk Inc. in the United States. A security vulnerability exists in Blynk v1.0.1, which stems from a stack-based buffer overflow vulnerability in the BlynkConsole.h runCommand function, which allows an attacker to send a network request to...

9.8 CVSS · 9 AI score · 0.01054 EPSS
Exploits 1 · References 3

OSV
added 2022/02/09 11:15 p.m. · 0 views

CVE-2021-26616

An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2021/02/07 8:15 p.m. · 2 views

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

9.8 CVSS · 7.5 AI score · 0.9036 EPSS
Exploits 3 · References 3

Cvelist
added 2020/03/15 9:26 p.m. · 11 views

CVE-2020-7602

node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...

9.6 AI score · 0.00426 EPSS
Exploits 1 · References 1

Veracode
added 2020/02/05 12:24 a.m. · 16 views

OS Command Injection

network-manager is vulnerable to OS command injection. The vulnerability exists as the unsanitized value of index.process.env.NMCLI in linux/manager.js, used by getDevices in linux/manager.js, reaches childprocess.execSync through runCommand...

9.8 CVSS · 3 AI score · 0.01357 EPSS
Exploits 1 · References 1 · Affected Software 1