Vulmon
shadow vulnerabilities and exploits
NA
CVE-2014-5457
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
Qnap Ts-469u Firmware 4.0.7
Qnap Ts-469u -
Qnap Ts-ec1679u-rp Firmware 4.0.7
Qnap Ts-ec1679u-rp -
Qnap Ts-459u Firmware 4.0.7
Qnap Ts-459u -
Qnap Ss-839 Firmware 4.0.7
Qnap Ss-839 -
NA
CVE-2014-2534
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Blackberry Qnx Neutrino Rtos 6.5.0
Blackberry Qnx Neutrino Rtos 6.4.1
1 EDB exploit
NA
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and previous versions verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote malicious users to bypass intended restrictions implemented through PAM.
Pedro Lineu Orso Chetcpasswd
Pedro Lineu Orso Chetcpasswd 2.1
Pedro Lineu Orso Chetcpasswd 2.3.1
Pedro Lineu Orso Chetcpasswd 2.3.3
Pedro Lineu Orso Chetcpasswd 1.12
Pedro Lineu Orso Chetcpasswd 2.2.1
4.3
CVSSv3
CVE-2019-10319
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and previous versions, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...
Jenkins Pluggable Authentication Module 1.2
Jenkins Pluggable Authentication Module 1.1
Jenkins Pluggable Authentication Module 1.0
Jenkins Pluggable Authentication Module 1.4
Jenkins Pluggable Authentication Module 1.5
Jenkins Pluggable Authentication Module 1.3
NA
CVE-2008-6705
The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and previous versions allows remote malicious users to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3...
Stalker-game S.t.a.l.k.e.r.: Shadow Of Chernobyl
7.5
CVSSv3
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
8.8
CVSSv3
CVE-2018-19966
An issue exists in Xen up to and including 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exist...
Xen Xen
Debian Debian Linux 9.0
NA
CVE-2010-4303
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.
Cisco Unified Videoconferencing System 5115 Firmware 7.0.1.13.3
Cisco Unified Videoconferencing System 5110 Firmware 7.0.1.13.3
Cisco Unified Videoconferencing System 5110
Cisco Unified Videoconferencing System 5115
7.5
CVSSv3
CVE-2016-3151
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware prior to 01.09.03, CSM-1 devices with firmware prior to 01.06.02, and CSE-200 devices with firmware prior to 01.03.02 allows remote malicious users to read /et...
Barco Clickshare Csc-1 Firmware
Barco Clickshare Csm-1 Firmware
Barco Clickshare Cse-200 Firmware
7.5
CVSSv3
CVE-2022-47188
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Generex Cs141 Firmware