The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to “.php” after originally using the parameter “filename” for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter “filename” properly. Exploitation requires a registered user who has access to upload functionality.