Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3w26-jr83-3cgw

больше 3 лет назад

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3w26-g558-6q3x

больше 1 года назад

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3w26-g2pv-c7hf

около 2 месяцев назад

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Cerebrum cerebrum allows PHP Local File Inclusion.This issue affects Cerebrum: from n/a through <= 1.12.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-3w26-8cj3-33ww

почти 4 года назад

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983.

EPSS: Низкий
github логотип

GHSA-3w26-3x62-f3gq

около 2 лет назад

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.

CVSS3: 9.6
EPSS: Низкий
github логотип

GHSA-3w25-pmhx-r58j

почти 4 года назад

Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter.

EPSS: Низкий
github логотип

GHSA-3w24-3vx9-wgrg

больше 2 лет назад

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-3w23-97r5-6593

3 месяца назад

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3w23-96r5-5vc2

больше 2 лет назад

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-3w22-wrwx-2r75

больше 3 лет назад

Typo3 XSS Vulnerability

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3w22-q3jv-89jw

больше 1 года назад

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3w22-9vmr-qv96

больше 3 лет назад

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3vxx-8f6w-cpxp

больше 3 лет назад

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

EPSS: Низкий
github логотип

GHSA-3vxw-2q8f-4h9h

больше 3 лет назад

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.

EPSS: Низкий
github логотип

GHSA-3vxv-r339-pjwj

больше 2 лет назад

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3vxv-22wh-25v4

6 месяцев назад

A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3vxr-5m43-ff4h

больше 1 года назад

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3vxq-cppx-jr4w

больше 3 лет назад

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3vxq-839x-9f98

больше 2 лет назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS3: 2.7
EPSS: Низкий
github логотип

GHSA-3vxq-68fw-q4hj

почти 2 года назад

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3w26-jr83-3cgw

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS3: 8.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-3w26-g558-6q3x

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

CVSS3: 6.1
1%
Низкий
больше 1 года назад
github логотип
GHSA-3w26-g2pv-c7hf

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Cerebrum cerebrum allows PHP Local File Inclusion.This issue affects Cerebrum: from n/a through <= 1.12.

CVSS3: 8.1
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3w26-8cj3-33ww

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3w26-3x62-f3gq

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.

CVSS3: 9.6
0%
Низкий
около 2 лет назад
github логотип
GHSA-3w25-pmhx-r58j

Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3w24-3vx9-wgrg

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

CVSS3: 3.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3w23-97r5-6593

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS3: 8.8
0%
Низкий
3 месяца назад
github логотип
GHSA-3w23-96r5-5vc2

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.

CVSS3: 8.2
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3w22-wrwx-2r75

Typo3 XSS Vulnerability

CVSS3: 4.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3w22-q3jv-89jw

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

CVSS3: 5.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3w22-9vmr-qv96

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vxx-8f6w-cpxp

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vxw-2q8f-4h9h

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3vxv-r339-pjwj

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3vxv-22wh-25v4

A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Низкий
6 месяцев назад
github логотип
GHSA-3vxr-5m43-ff4h

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.

CVSS3: 6.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3vxq-cppx-jr4w

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS3: 8.8
8%
Низкий
больше 3 лет назад
github логотип
GHSA-3vxq-839x-9f98

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS3: 2.7
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3vxq-68fw-q4hj

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.

CVSS3: 7.5
0%
Низкий
почти 2 года назад

Уязвимостей на страницу