shadow vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-12424
In shadow prior to 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege bound...
Shadow Project Shadow
Debian Debian Linux 9.0
NA
CVE-2002-0091
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote malicious users to execute arbitrary commands via certain form fields.
Nswc Cider Shadow 1.5
Nswc Cider Shadow 1.6
NA
CVE-2000-0479
Dragon FTP server allows remote malicious users to cause a denial of service via a long USER command.
Shadow Op Software Dragon Server 1.0
Shadow Op Software Dragon Server 2.0
NA
CVE-2000-0480
Dragon telnet server allows remote malicious users to cause a denial of service via a long username.
Shadow Op Software Dragon Server 2.0
Shadow Op Software Dragon Server 1.0
1 EDB exploit
7.8
CVSSv3
CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package up to and including 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and up to and including 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate...
Suse Shadow
1 Github repository
NA
CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Debian Shadow 1\\
NA
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Debian Shadow 4.0.18.1
1 EDB exploit
NA
CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions prior to 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Debian Shadow 4.0.4.1
8.1
CVSSv3
CVE-2019-16110
The network protocol of Blade Shadow through 2.13.3 allows remote malicious users to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.
Blade-group Shadow
5.4
CVSSv3
CVE-2023-5469
The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...
Stevenhenty Drop Shadow Boxes