
exploitDog

source:"github"

Count: 314 458

Vulnerability
CVSS
EPSS
Published

GHSA-4244-mrv4-7597

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

0%
Low
more than 3 years ago

GHSA-4244-48rc-52q9

Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.

8%
Low
more than 3 years ago

GHSA-4243-9jgj-pmh6

In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.

0%
Low
more than 3 years ago

GHSA-4243-7hwp-6php

Memory corruption during concurrent SSR execution due to race condition on the global maps list.

CVSS3: 7.8
0%
Low
9 months ago

GHSA-423x-f92f-r5fm

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.

CVSS3: 7.8
0%
Low
more than 3 years ago

GHSA-423x-7gwr-q727

Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.

0%
Low
more than 3 years ago

GHSA-423w-pcwr-hw6q

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.

CVSS3: 9.8
3%
Low
more than 3 years ago

GHSA-423w-p2w9-r7vq

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

CVSS3: 4.7
0%
Low
more than 2 years ago

GHSA-423w-7xwv-vwqw

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

CVSS3: 7.8
0%
Low
more than 3 years ago

GHSA-423w-5759-v9fv

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

CVSS3: 4.4
0%
Low
more than 3 years ago

GHSA-423v-966v-frxg

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.

CVSS3: 7.2
0%
Low
more than 1 year ago

GHSA-423v-7q98-2mj3

A vulnerability was detected in code-projects COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in SQL injection. The attack may be performed from remote. The exploit is now public and may be used.

CVSS3: 7.3
0%
Low
3 months ago

GHSA-423v-6jmc-4fwg

Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.

3%
Low
almost 4 years ago

GHSA-423r-r42q-j5mc

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.

CVSS3: 8.8
0%
Low
3 months ago

GHSA-423r-mv6p-g8cm

A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later.

CVSS3: 7.2
0%
Low
5 months ago

GHSA-423p-f8g4-wmpc

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVSS3: 6.5
2%
Low
more than 3 years ago

GHSA-423p-ch83-27qw

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

0%
Low
more than 3 years ago

GHSA-423m-g5gq-97wq

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

0%
Low
almost 4 years ago

GHSA-423j-x6cf-vmrf

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure.

6%
Low
more than 3 years ago

GHSA-423j-83rg-3cgc

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.

1%
Low
more than 3 years ago