17 matches found

RedhatCVE
added 2026/03/26 3:11 p.m., 3 views

CVE-2026-29516

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

CVSS 6.9, AI score 5.8, EPSS 0.00513
Exploits: 0, References: 1
EUVD
added 2026/03/22 3:31 p.m., 4 views

EUVD-2019-19961

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...

CVSS 7.1, AI score 5.9, EPSS 0.00622
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/16 12:0 a.m., 5 views

EulerOS Virtualization 2.12.0 : systemd (EulerOS-SA-2026-1523)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

CVSS 4.7, AI score 5.9, EPSS 0.00641
Exploits: 1, References: 2
RedhatCVE
added 2026/03/06 2:37 p.m., 5 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2, AI score 5.8, EPSS 0.00139
Exploits: 1, References: 1
NVD
added 2025/08/28 6:15 p.m., 3 views

CVE-2025-9576

A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is neede...

CVSS 7, EPSS 0.00195
Exploits: 1, References: 5
Tenable Nessus
added 2025/08/11 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-4598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the...

CVSS 4.7, AI score 6.3, EPSS 0.00641
Exploits: 1, References: 2
OSV
added 2025/05/07 12:6 p.m., 1 views

SUSE-SU-2025:1505-1 Security update for apparmor

This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678)...

CVSS 4.7, AI score 5.4, EPSS 0.00265
Exploits: 0, References: 3
Positive Technologies
added 2024/12/06 12:0 a.m., 2 views

PT-2024-36411 · Wavlink · Wavlink Wn531P3

Name of the Vulnerable Software and Affected Versions: WAVLINK WN531P3 version 202383 Description: A hardcoded password vulnerability was discovered in /etc/shadow, allowing attackers to log in as root. This issue enables unauthorized access to the system with elevated privileges. Recommendations...

CVSS 9.8, AI score 7.2, EPSS 0.00533
Exploits: 1, References: 5
OSSF Malicious Packages
added 2024/09/25 4:44 p.m., 4 views

Malicious code in faest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...

AI score 6.9
Exploits: 0, References: 1
GithubExploit
added 2023/03/06 12:50 p.m., 367 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

CVE-2022-1015 id uid=1000d gid=1000d groups=1000d...

CVSS 6.6, AI score 6.9, EPSS 0.0145
Exploits: 10
OSV
added 2020/12/14 2:15 a.m., 2 views

CVE-2020-29669

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...

CVSS 8.8, AI score 7.2, EPSS 0.04866
Exploits: 4, References: 3
Positive Technologies
added 2020/06/25 12:0 a.m., 5 views

PT-2020-3006

Name of the Vulnerable Software and Affected Versions ActiveMQ Artemis versions 2.7.0 through 2.12.0 Description A flaw in the ActiveMQ Artemis management API allows a user to inadvertently store passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing th...

CVSS 5.5, AI score 6, EPSS 0.0069
Exploits: 0, References: 12
Positive Technologies
added 2019/05/21 12:0 a.m., 3 views

PT-2019-11721 · Jenkins · Jenkins Pam Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PAM Authentication Plugin versions 1.5 and earlier, except version 1.4.1 Description: A missing permission check in the PamSecurityRealm.DescriptorImpl#doTest function allowed users with Overall/Read permission to obtain limited...

CVSS 4.3, AI score 4.2, EPSS 0.00786
Exploits: 0, References: 4
OSV
added 2017/01/12 11:59 p.m., 1 views

CVE-2016-3151

Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified...

CVSS 7.5, AI score 5.8, EPSS 0.04276
Exploits: 1, References: 3
0day.today
added 2011/06/20 12:0 a.m., 17 views

DreamBox DM800 Arbitrary File Download Vulnerability

Exploit for hardware platform in category remote exploits Exploit Title: title Date: date Author: ShellVision Version: dm800 / !CDATA / functiontryvar...

AI score 7.1
Exploits: 0
0day.today
added 2004/12/24 12:0 a.m., 48 views

Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit

Exploit for linux platform in category local exploits. Linux Kernel 2.6.x chown Group Ownership Alteration Exploit / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $...

AI score 6.8, EPSS 0.00801
Exploits: 6
Debian
added 2000/08/16 12:0 a.m., 20 views

[SECURITY] New version of xlockmore/xlockmore-gl released

Debian Security Advisory [email protected] http://www.debian.org/security/ Michael Stone August 16, 2000. Package: xlockmore, xlockmore-gl...

AI score 0.7
Exploits: 0