27 matches found
EUVD-2018-8589
Malware in sbrugna...
EUVD-2025-28445
Malicious code in bioql PyPI...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-52548
The CVE-2025-52548 entry concerns Copeland E3 Supervisory Control firmware versions older than 2.31F01. A hidden API call in the application services exists (enabled by default disabled) that, if accessed by an admin, can enable SSH and Shellinabox, granting remote access to the underlying operat...
PT-2025-35557
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 contains a hidden API call within the application services that enables SSH and Shellinabox. These services exist b...
Linux Distros Unpatched Vulnerability : CVE-2018-16789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, a...
CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
DEBIAN-CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
UBUNTU-CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
Design/Logic Flaw
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
CVE-2018-16789
CVE-2018-16789 affects shellinabox up to version 2.20, where libhttp/url.c contains a flaw in HTTP request parsing. A crafted multipart/form-data request can cause shellinaboxd to enter an infinite loop, exhausting CPU resources and potentially taking the service down. The available documents des...
CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
PT-2019-9371 · Shellinabox +1 · Shellinabox +1
Name of the Vulnerable Software and Affected Versions: shellinabox versions prior to 2.20 Description: The issue is related to an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force the service into ...
Fedora 27 : shellinabox (2017-a95dd74301)
Disable SSHv1 options. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenab...
Fedora Update for shellinabox FEDORA-2017-1dc71e1acd
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for shellinabox FEDORA-2017-a95dd74301
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...