CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

PYSEC-2020-6

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

phpDVD v1.0.4 (dvd_config_file) Remote File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' //'=============================================================================================== //'Script : phpDVD v1.0.4 //'Author : iLker Kandemir ilkerkandemiratmynet.com //'S.Page :...

Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; print "\r\n"; print "| Admbook =1.2.2 X-Forwarded-For cmmnds xctn xploit |\r\n"; print "| By rgod rgodATautisticiDOTorg |\r\n"; print "| site: http://retrogod.altervista.org |\r\n"; print "| |\r\n"; print "| Sun-Tzu: "Rouse him,...