Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shell vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-36079
Zenphoto up to and including 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, f...
Zenphoto Zenphoto
1 Github repository
8.8
CVSSv3
CVE-2020-28687
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote malicious users to upload arbitrary files.
Artworks Gallery In Php\\, Css\\, Javascript\\, And Mysql Project Artworks Gallery In Php\\, Css\\, Javascript\\, And Mysql 1.0
7.2
CVSSv3
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Pluck-cms Pluck 4.7.16
3 Github repositories
7.2
CVSSv3
CVE-2023-33440
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
Faculty Evaluation System Project Faculty Evaluation System 1.0
1 Github repository
9.8
CVSSv3
CVE-2017-5215
The Codextrous B2J Contact (aka b2j_contact) extension prior to 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.
Codextrous B2j Contact
9.9
CVSSv3
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
Digi Transport Lr54 Firmware
1 Github repository
7.2
CVSSv3
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin prior to 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Backup-guard Backup Guard
7.5
CVSSv3
CVE-2017-5214
The Codextrous B2J Contact (aka b2j_contact) extension prior to 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.
Codextrous B2j Contact
7.2
CVSSv3
CVE-2020-28072
A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.
Alumni Management System Project Alumni Management System 1.0
NA
CVE-2001-0307
Bajie HTTP JServer 0.78, and other versions prior to 0.80, allows remote malicious users to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
Bajie Java Http Server
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »