15 matches found
Kopia: RCE via SSH ProxyCommand Injection
Summary: Kopia's HTTP server, when started with --without-password, accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...
Astra Linux - vulnerability in libnbd
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
SUSE CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
UBUNTU-CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
Remote Code Execution (RCE).
drupal/core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized shell arguments in DefaultMailSystem::mail, which could be exploited to execute arbitrary code...
GHSA-26HP-CGJJ-M2J3 fuel/core ImageMagick driver does not escape all shell arguments.
This vulnerability may cause OS commands to be executed when you pass unvalidated image filenames containing specially crafted strings to the ImageMagick driver...
fuel/core ImageMagick driver does not escape all shell arguments.
This vulnerability may cause OS commands to be executed when you pass unvalidated image filenames containing specially crafted strings to the ImageMagick driver...
Drupal core Remote Code Execution
In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail, which could lead to remote code execution...
PT-2024-40130 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: The issue is related to the sanitization of variables for shell arguments in the DefaultMailSystem::mail function when sending email, which could potentially lead to remote code...
PT-2023-3530 · MediaWiki · MediaWiki PandocUpload Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki PandocUpload Extension (affected versions not specified). Description: The issue is related to insufficient input validation when processing shell arguments in the MediaWiki PandocUpload extension. This can be exploited by a remote...
CVE-2022-22992
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...
OS Command Injection
locutus is vulnerable to arbitrary code execution. The PHP function escapeshellarg can be bypassed when used in Locutus, which would allow an attacker to inject and execute arbitrary commands via shell arguments...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: The path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL. The issue is mitigated by the fact that the user needs the...
ImageMagick driver does not escape all shell arguments.
More info at https://fuelphp.com/security-advisories...