6 matches found
CVE-2026-60121
CVE-2026-60121 affects Vitec Flamingo 4.12.2. An unauthenticated OS command injection exists in admin/ajax/ping.php due to a double-evaluation flaw in shell argument handling: user-supplied host POST parameter is escaped with escapeshellarg() for a system wrapper, but the decoded value is taken f...
EUVD-2018-4522
Malware in sbrugna...
Privilege Escalation
glibc is vulnerable to privilege escalation. It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...