Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-4256-mfgg-45jq

больше 3 лет назад

In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-4256-46gj-h2fm

больше 3 лет назад

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.

EPSS: Низкий
github логотип

GHSA-4255-c99r-j52r

больше 3 лет назад

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-4253-j7xf-mm3q

около 1 года назад

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-4253-45p9-7hm6

почти 4 года назад

Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.

EPSS: Низкий
github логотип

GHSA-4252-qg99-p83g

почти 4 года назад

PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

EPSS: Средний
github логотип

GHSA-4252-96vf-89m5

больше 3 лет назад

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-424x-wf7g-f967

больше 3 лет назад

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1570.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-424x-pmw3-6vmm

больше 3 лет назад

The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-424x-cxvh-wq9p

9 месяцев назад

Mautic allows user name enumeration due to response time difference on password reset form

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-424w-j4hf-8cgp

больше 2 лет назад

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-424v-hqh5-m4mw

почти 3 года назад

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-424r-cv4h-2fmw

5 месяцев назад

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-424r-4x2h-9rv9

около 1 года назад

A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-424q-6vp4-f875

больше 3 лет назад

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

EPSS: Низкий
github логотип

GHSA-424p-2fvv-chq4

около 1 года назад

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-424m-x85p-3xw9

2 месяца назад

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-424m-q6qv-vmpp

5 месяцев назад

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-424m-fj2q-g7vg

2 месяца назад

Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

CVSS3: 7.6
EPSS: Низкий
github логотип

GHSA-424j-x9c2-7hg5

больше 3 лет назад

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-4256-mfgg-45jq

In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-4256-46gj-h2fm

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-4255-c99r-j52r

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.

CVSS3: 8.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-4253-j7xf-mm3q

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
1%
Низкий
около 1 года назад
github логотип
GHSA-4253-45p9-7hm6

Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.

4%
Низкий
почти 4 года назад
github логотип
GHSA-4252-qg99-p83g

PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

11%
Средний
почти 4 года назад
github логотип
GHSA-4252-96vf-89m5

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

CVSS3: 7.5
3%
Низкий
больше 3 лет назад
github логотип
GHSA-424x-wf7g-f967

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1570.

CVSS3: 8.8
14%
Средний
больше 3 лет назад
github логотип
GHSA-424x-pmw3-6vmm

The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-424x-cxvh-wq9p

Mautic allows user name enumeration due to response time difference on password reset form

CVSS3: 5.3
0%
Низкий
9 месяцев назад
github логотип
GHSA-424w-j4hf-8cgp

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVSS3: 7.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-424v-hqh5-m4mw

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 4.3
0%
Низкий
почти 3 года назад
github логотип
GHSA-424r-cv4h-2fmw

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

CVSS3: 6.5
0%
Низкий
5 месяцев назад
github логотип
GHSA-424r-4x2h-9rv9

A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-424q-6vp4-f875

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

5%
Низкий
больше 3 лет назад
github логотип
GHSA-424p-2fvv-chq4

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database.

CVSS3: 7.5
1%
Низкий
около 1 года назад
github логотип
GHSA-424m-x85p-3xw9

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

CVSS3: 9.8
0%
Низкий
2 месяца назад
github логотип
GHSA-424m-q6qv-vmpp

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS3: 7
0%
Низкий
5 месяцев назад
github логотип
GHSA-424m-fj2q-g7vg

Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

CVSS3: 7.6
0%
Низкий
2 месяца назад
github логотип
GHSA-424j-x9c2-7hg5

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149

4%
Низкий
больше 3 лет назад

Уязвимостей на страницу