Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shell vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Royal-elementor-addons Royal Elementor Addons
12 Github repositories
9.8
CVSSv3
CVE-2023-47104
tinyfiledialogs (aka tiny file dialogs) prior to 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double q...
Vareille Tiny File Dialogs
9.8
CVSSv3
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire...
Apache Activemq
Apache Activemq Legacy Openwire Module
25 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
9.8
CVSSv3
CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated malicious user to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
Viessmann Vitogate 300 Firmware
9.8
CVSSv3
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is du...
Sangfor Next-gen Application Firewall 8.0.17
9.8
CVSSv3
CVE-2023-30806
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This ...
Sangfor Next-gen Application Firewall Ngaf8.0.17
9.8
CVSSv3
CVE-2023-45239
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_p...
Facebook Tac Plus
Fedoraproject Fedora 39
1 Github repository
9.8
CVSSv3
CVE-2023-4521
The Import XML and RSS Feeds WordPress plugin prior to 2.1.5 contains a web shell, allowing unauthenticated malicious users to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vuln...
Mooveagency Import Xml And Rss Feeds
9.8
CVSSv3
CVE-2023-28614
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
Freewillsolutions Smart Trade 20.01.01.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »