
exploitDog

source:"github"

Count: 312 573


Vulnerability
CVSS
EPSS
Published

GHSA-3wg4-9v5r-3g2h

HTTP.sys Denial of Service Vulnerability

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 2 years ago

GHSA-3wg4-74hw-hxr7

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3wg4-69x5-5r76

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

CVSS3: 8.8
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3wg3-6wwv-v265

A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

EPSS: 19% (Medium)
Published: more than 1 year ago

GHSA-3wg2-8vcr-5m74

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.

CVSS3: 5.3
EPSS: 59% (Medium)
Published: about 3 years ago

GHSA-3wg2-72jm-537j

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.

CVSS3: 7.5
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3wg2-58mc-3xgh

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS3: 3.8
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3wfx-w72c-xg7v

Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.

CVSS3: 7.1
EPSS: 0% (Low)
Published: 8 months ago

GHSA-3wfx-mj93-vf8v

Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3wfw-cf7h-38c7

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.

CVSS3: 8.4
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3wfv-3cfc-9mjc

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVSS3: 6.1
EPSS: 5% (Low)
Published: almost 3 years ago

GHSA-3wfr-9gjx-63gf

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wfq-h43q-w8hw

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wfq-4hqg-3c4g

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112890242

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wfp-9jx5-5xmc

The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS3: 4.8
EPSS: 0% (Low)
Published: about 3 years ago

GHSA-3wfp-98cg-vgm9

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS3: 9.8
EPSS: 26% (Medium)
Published: more than 3 years ago

GHSA-3wfp-4xf2-2wr9

A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 5.3
EPSS: 0% (Low)
Published: 11 months ago

GHSA-3wfp-4rwx-xmxg

A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255.

CVSS3: 3.5
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3wfp-253j-5jxv

SSRF & Credentials Leak

CVSS3: 7.5
EPSS: 2% (Low)
Published: about 2 years ago

GHSA-3wfm-93m9-mc3c

An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.

EPSS: 0% (Low)
Published: more than 3 years ago