shadow vulnerabilities and exploits
NA
CVE-2006-1174
useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious user...
Debian Shadow 4.0.6
Debian Shadow
Debian Shadow 4.0.0
Debian Shadow 4.0.1
Debian Shadow 4.0.4.1
Debian Shadow 4.0.5
Debian Shadow 4.0.2
Debian Shadow 4.0.4
NA
CVE-2005-2963
The mod_auth_shadow module 1.0 up to and including 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated use...
Mod Auth Shadow Mod Auth Shadow 1.3
Mod Auth Shadow Mod Auth Shadow 1.4
Mod Auth Shadow Mod Auth Shadow 1.1
Mod Auth Shadow Mod Auth Shadow 1.2
Mod Auth Shadow Mod Auth Shadow 1.5
Mod Auth Shadow Mod Auth Shadow 2.0
Mod Auth Shadow Mod Auth Shadow 1.0
NA
CVE-2004-0041
The mod_auth_shadow module 1.4 and previous versions does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
Mod Auth Shadow Mod Auth Shadow 1.1
Mod Auth Shadow Mod Auth Shadow 1.3
Mod Auth Shadow Mod Auth Shadow 1.4
Mod Auth Shadow Mod Auth Shadow 1.0
Mod Auth Shadow Mod Auth Shadow 1.2
7.8
CVSSv3
CVE-2016-6252
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Shadow Project Shadow 4.2.1
3.3
CVSSv3
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc...
Shadow Project Shadow 4.13
7.8
CVSSv3
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing -...
Shadow Project Shadow 4.8
NA
CVE-2006-4664
PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Premod Shadow Premod Shadow
1 EDB exploit
5.3
CVSSv3
CVE-2018-7169
An issue exists in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows a malicious user to remove themselves from a supplementary group, which may allow access to certain ...
Shadow Project Shadow 4.5
5.5
CVSSv3
CVE-2016-15024
A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be dif...
Doomsider Shadow Project Doomsider Shadow
5.4
CVSSv3
CVE-2023-23833
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.
Drop Shadow Boxes Project Drop Shadow Boxes