Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shell vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2018-201622019
Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell.
NA
CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows malicious users to execute arbitrary commands via shell metacharacters.
Amarok Amarok
NA
CVE-2002-0070
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote malicious users to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
Microsoft Windows 2000
Microsoft Windows 98
Microsoft Windows 98se
Microsoft Windows Nt 4.0
NA
CVE-2006-2548
Prodder prior to 0.5, and perlpodder prior to 0.5, allows remote malicious users to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
Perlpodder Perlpodder 0.3
Prodder Prodder 0.3
Perlpodder Perlpodder 0.2
Prodder Prodder
Perlpodder Perlpodder
1 EDB exploit
NA
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and previous versions allows remote malicious users to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1...
Wordpress Wordpress
1 EDB exploit
NA
CVE-2006-6980
The magnatune.com album browser in Amarok allows malicious users to cause a denial of service (application crash) via unspecified vectors.
Magnatune.com Album Browser
7.5
CVSSv3
CVE-2017-9030
The Codextrous B2J Contact (aka b2j_contact) extension prior to 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.
Codextrous B2j Contact
9.9
CVSSv3
CVE-2018-18556
A privilege escalation issue exists in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated per...
Vyos Vyos 1.1.8
7.2
CVSSv3
CVE-2020-29607
A file upload restriction bypass vulnerability in Pluck CMS prior to 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Pluck-cms Pluck
3 Github repositories
NA
CVE-2008-4164
cron.php in MemHT Portal 3.9.0 and previous versions allows remote malicious users to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Memht Memht Portal
Memht Memht Portal 3.8.5
Memht Memht Portal 3.6.0
Memht Memht Portal 3.1
Memht Memht Portal 3.4.5
Memht Memht Portal 3.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »