shell vulnerabilities and exploits
6.8
CVSSv2
CVE-2017-5206
Firejail prior to 0.9.44.4, when running on a Linux kernel prior to 4.8, allows context-dependent malicious users to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
Firejail Project Firejail
7.2
CVSSv2
CVE-2017-5207
Firejail prior to 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
Firejail Project Firejail
6.5
CVSSv2
CVE-2017-11321
The restricted shell interface in UCOPIA Wireless Appliance prior to 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
Ucopia Wireless Appliance
1 EDB exploit
NA
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the maliciou...
1 Github repository
NA
CVE-2024-25832
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
1 Github repository
9
CVSSv2
CVE-2022-27249
An unrestricted file upload vulnerability in IdeaRE RefTree prior to 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.
Idearespa Reftree
NA
CVE-2022-34128
The Cartography (aka positions) plugin prior to 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
Glpi-project Positions
6.5
CVSSv2
CVE-2018-19423
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
Codiad Codiad 2.8.4
6.5
CVSSv2
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive prior to 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
O-dyn Collabtive
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
7.5
CVSSv2
CVE-2005-0439
Buffer overflow in the decode_post function in ELOG prior to 2.5.7 allows remote malicious users to execute arbitrary code via attachments with long file names.
Stefan Ritt Elog Web Logbook 2.0.2
Stefan Ritt Elog Web Logbook 2.0.3
Stefan Ritt Elog Web Logbook 2.2.0
Stefan Ritt Elog Web Logbook 2.2.1
Stefan Ritt Elog Web Logbook 2.2.2
Stefan Ritt Elog Web Logbook 2.0.0
Stefan Ritt Elog Web Logbook 2.0.1
Stefan Ritt Elog Web Logbook 2.1.2
Stefan Ritt Elog Web Logbook 2.1.3
Stefan Ritt Elog Web Logbook 2.5.6
Stefan Ritt Elog Web Logbook 2.0.4
Stefan Ritt Elog Web Logbook 2.0.5
Stefan Ritt Elog Web Logbook 2.2.3
Stefan Ritt Elog Web Logbook 2.2.4
Stefan Ritt Elog Web Logbook 2.1.0
Stefan Ritt Elog Web Logbook 2.1.1
Stefan Ritt Elog Web Logbook 2.4
Stefan Ritt Elog Web Logbook 2.5
1 EDB exploit