
29 matches found

Positive Technologies
added 2026/04/08 12:00 a.m. · 0 views

PT-2026-31666

Summary: basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

CVSS 8.6 · AI score 6.2 · EPSS 0.02042
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-3599

Malware in sbrugna...

CVSS 6.5 · AI score 6.2 · EPSS 0.00534
Exploits 0 · References 4

OSV
added 2025/08/20 6:30 p.m. · 2 views

GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.3 · AI score 7.7 · EPSS 0.68643
Exploits 1 · References 11

Snyk
added 2025/08/20 6:30 p.m. · 1 views

Arbitrary Code Injection

Overview: rd_searchlogic is a Searchlogic makes using ActiveRecord named scopes easier and less repetitive. Affected versions of this package are vulnerable to Arbitrary Code Injection via the search[instance_eval] parameter, which is dynamically invoked using the send method. An attacker can execute...

CVSS 9.8 · AI score 7.8 · EPSS 0.68643
Exploits 1 · References 3

Cvelist
added 2025/08/20 3:41 p.m. · 7 views

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.3 · EPSS 0.68643
Exploits 1 · References 5

RubySec
added 2025/08/20 12:00 a.m. · 5 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.8 · AI score 7.5 · EPSS 0.68643
Exploits 1 · References 1

RubySec
added 2025/08/20 12:00 a.m. · 3 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.8 · AI score 7.5 · EPSS 0.68643
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2025/08/15 9:29 p.m. · 2 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · AI score 8.3 · EPSS 0.6931
Exploits 1 · References 1

Vulnrichment
added 2025/08/13 8:53 p.m. · 1 views

CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · AI score 8.2 · EPSS 0.6931
Exploits 1 · References 5

CVE
added 2025/08/13 8:53 p.m. · 15 views

CVE-2011-10019

Spreecommerce before 0.60.2 is vulnerable to remote command execution via the search[send][] input, which is dynamically invoked using Ruby’s send method and not properly sanitized. This allows an unauthenticated attacker to execute arbitrary shell commands on the server. Affected component: sear...

CVSS 10 · AI score 8.2 · EPSS 0.6931
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2025/08/13 8:53 p.m. · 5 views

CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · EPSS 0.6931
Exploits 1 · References 5

SUSE CVE
added 2025/07/25 11:22 p.m. · 1 views

SUSE CVE-2025-38458

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vcc_sendmsg(). atmarpd_dev_ops does not implement the send method, which may cause crash as below. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0010...

CVSS 5.5 · AI score 6.3 · EPSS 0.00051
Exploits 0 · References 22

Github Security Blog
added 2024/03/14 8:37 p.m. · 21 views

Whoogle Search Cross-site Scripting vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled src_type and element_url variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

CVSS 6.1 · AI score 6.1 · EPSS 0.00468
Exploits 1 · References 11 · Affected Software 1

OSV
added 2024/03/14 8:37 p.m. · 23 views

GHSA-3Q6G-QMPX-RQW4 Whoogle Search Server-Side Request Forgery vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

CVSS 9.1 · AI score 9.2 · EPSS 0.00297
Exploits 1 · References 9

exploitpack
added 2017/11/16 12:00 a.m. · 39 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

CVSS 6.8 · AI score 0.4 · EPSS 0.16457
Exploits 3

Exploit DB
added 2017/11/16 12:00 a.m. · 63 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...

CVSS 8.1 · AI score 7 · EPSS 0.16457
Exploits 3

Prion
added 2014/10/06 2:55 p.m. · 18 views

Design/Logic Flaw

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...

CVSS 6.5 · AI score 7 · EPSS 0.00534
Exploits 0 · References 2 · Affected Software 6

Cvelist
added 2014/10/06 2:00 p.m. · 13 views

CVE-2014-3642

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...

AI score 6.5 · EPSS 0.00534
Exploits 0 · References 2

Positive Technologies
added 2014/10/06 12:00 a.m. · 2 views

PT-2014-5433 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3. Description: The issue allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method" in the vmdb/app/controllers/application_controller/performance....

CVSS 6.5 · AI score 6.3 · EPSS 0.00534
Exploits 0 · References 3

RedHat Linux
added 2014/10/02 6:40 p.m. · 1 views

CFME: dangerous send method in performance.rb

It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation...

CVSS 6.5 · AI score 5.7 · EPSS 0.00534
Exploits 0 · References 4