26 matches found
GHSA-78H3-63C4-5FQC WeKnora has Command Injection in MCP stdio test
Vulnerability Overview: This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...
VulnCheck KEV: CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch...
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
...
Exploit for OS Command Injection in Zyxel Nas326_Firmware
CVE-2024-29973 ...
Gopherus
This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...
Npm port-killer OS command injection vulnerability
Npm port-killer is an application from Npm. It provides a function to terminate a process running on a given port. An operating system command injection vulnerability exists in Npm port-killer, which uses sub-processes to execute functions without input checking...