Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3vff-2vjg-jh5h

больше 1 года назад

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-3vfc-q5wf-pm9c

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3vf9-hrcp-mj3p

больше 3 лет назад

Eaton's easySoft software v7.20 and prior are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

EPSS: Низкий
github логотип

GHSA-3vf8-2x93-3hff

больше 3 лет назад

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.

EPSS: Низкий
github логотип

GHSA-3vf7-wf97-3857

больше 3 лет назад

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager.

EPSS: Низкий
github логотип

GHSA-3vf7-gh27-gx55

почти 3 года назад

A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3vf7-954m-xhg4

6 месяцев назад

A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3vf7-8mpc-5rrc

больше 3 лет назад

LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.

CVSS3: 7.5
EPSS: Высокий
github логотип

GHSA-3vf5-xm2p-6mh5

больше 2 лет назад

Cockpit Cross-site Scripting vulnerability

CVSS3: 8.3
EPSS: Низкий
github логотип

GHSA-3vf5-m872-p593

больше 3 лет назад

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, a buffer overflow can occur in SafeSwitch.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3vf5-967m-jfcw

12 месяцев назад

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-3vf4-qf7v-8hwx

больше 1 года назад

Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

CVSS3: 4
EPSS: Низкий
github логотип

GHSA-3vf4-p6xq-xxr9

больше 3 лет назад

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

EPSS: Низкий
github логотип

GHSA-3vf4-6xfg-p852

больше 3 лет назад

cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3vf4-2h3f-crc2

больше 3 лет назад

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3vf3-j8cr-x4g6

больше 1 года назад

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

CVSS3: 6.5
EPSS: Высокий
github логотип

GHSA-3vf3-8x3v-cfhr

почти 2 года назад

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-3vf2-rf9c-6455

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3vf2-r6qr-hcf2

больше 3 лет назад

Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment).

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3vf2-6fxh-3q3m

больше 3 лет назад

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

CVSS3: 7.5
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3vff-2vjg-jh5h

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later

CVSS3: 8.2
1%
Низкий
больше 1 года назад
github логотип
GHSA-3vfc-q5wf-pm9c

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf9-hrcp-mj3p

Eaton's easySoft software v7.20 and prior are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf8-2x93-3hff

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf7-wf97-3857

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf7-gh27-gx55

A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.

CVSS3: 6.1
0%
Низкий
почти 3 года назад
github логотип
GHSA-3vf7-954m-xhg4

A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
0%
Низкий
6 месяцев назад
github логотип
GHSA-3vf7-8mpc-5rrc

LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.

CVSS3: 7.5
73%
Высокий
больше 3 лет назад
github логотип
GHSA-3vf5-xm2p-6mh5

Cockpit Cross-site Scripting vulnerability

CVSS3: 8.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3vf5-m872-p593

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, a buffer overflow can occur in SafeSwitch.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf5-967m-jfcw

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

CVSS3: 9.1
0%
Низкий
12 месяцев назад
github логотип
GHSA-3vf4-qf7v-8hwx

Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

CVSS3: 4
0%
Низкий
больше 1 года назад
github логотип
GHSA-3vf4-p6xq-xxr9

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf4-6xfg-p852

cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf4-2h3f-crc2

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.

CVSS3: 5.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf3-j8cr-x4g6

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

CVSS3: 6.5
79%
Высокий
больше 1 года назад
github логотип
GHSA-3vf3-8x3v-cfhr

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 8.4
0%
Низкий
почти 2 года назад
github логотип
GHSA-3vf2-rf9c-6455

Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf2-r6qr-hcf2

Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment).

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vf2-6fxh-3q3m

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

CVSS3: 7.5
24%
Средний
больше 3 лет назад

Уязвимостей на страницу