Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3xhr-vwcx-8p3c

около 2 лет назад

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3xhq-34vv-rcv3

больше 3 лет назад

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3xhm-wx2h-r6c8

около 3 лет назад

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3xhm-m5h8-87g4

почти 4 года назад

Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive.

EPSS: Низкий
github логотип

GHSA-3xhj-ccfg-q5j3

почти 4 года назад

Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

EPSS: Низкий
github логотип

GHSA-3xhj-54c4-g444

больше 3 лет назад

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3xhg-f42j-mq9r

почти 4 года назад

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.

EPSS: Низкий
github логотип

GHSA-3xhg-6w83-qffm

почти 4 года назад

Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.

EPSS: Высокий
github логотип

GHSA-3xhc-3pqp-v39v

больше 3 лет назад

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3xh9-qqm6-f9gm

больше 3 лет назад

The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.

EPSS: Низкий
github логотип

GHSA-3xh9-7994-gpvw

больше 2 лет назад

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3xh8-wc63-mmj5

больше 3 лет назад

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335.

CVSS3: 7.8
EPSS: Средний
github логотип

GHSA-3xh8-3p84-p59c

больше 3 лет назад

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3xh8-38h4-qx97

больше 3 лет назад

DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3xh7-vf3h-529r

почти 2 года назад

In tbd of tbd, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-3xh7-fq5x-f9qj

7 дней назад

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information.

EPSS: Низкий
github логотип

GHSA-3xh6-gqph-67wc

больше 1 года назад

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-3xh6-2cvw-6jh4

почти 4 года назад

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

EPSS: Высокий
github логотип

GHSA-3xh5-8hvq-rc8x

около 3 лет назад

Apache DolphinScheduler vulnerable to Improper Input Validation

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3xh5-6h9j-xjc3

почти 4 года назад

Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3xhr-vwcx-8p3c

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVSS3: 7.5
0%
Низкий
около 2 лет назад
github логотип
GHSA-3xhq-34vv-rcv3

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3xhm-wx2h-r6c8

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.

CVSS3: 7.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-3xhm-m5h8-87g4

Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive.

4%
Низкий
почти 4 года назад
github логотип
GHSA-3xhj-ccfg-q5j3

Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

7%
Низкий
почти 4 года назад
github логотип
GHSA-3xhj-54c4-g444

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3xhg-f42j-mq9r

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3xhg-6w83-qffm

Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.

81%
Высокий
почти 4 года назад
github логотип
GHSA-3xhc-3pqp-v39v

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

CVSS3: 7.2
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3xh9-qqm6-f9gm

The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3xh9-7994-gpvw

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS3: 7.8
1%
Низкий
больше 2 лет назад
github логотип
GHSA-3xh8-wc63-mmj5

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335.

CVSS3: 7.8
11%
Средний
больше 3 лет назад
github логотип
GHSA-3xh8-3p84-p59c

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3xh8-38h4-qx97

DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3xh7-vf3h-529r

In tbd of tbd, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 8.4
0%
Низкий
почти 2 года назад
github логотип
GHSA-3xh7-fq5x-f9qj

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information.

0%
Низкий
7 дней назад
github логотип
GHSA-3xh6-gqph-67wc

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

CVSS3: 9.8
54%
Средний
больше 1 года назад
github логотип
GHSA-3xh6-2cvw-6jh4

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

76%
Высокий
почти 4 года назад
github логотип
GHSA-3xh5-8hvq-rc8x

Apache DolphinScheduler vulnerable to Improper Input Validation

CVSS3: 9.8
3%
Низкий
около 3 лет назад
github логотип
GHSA-3xh5-6h9j-xjc3

Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

1%
Низкий
почти 4 года назад

Уязвимостей на страницу