exploitDog

source:"github"

Count 314 458

GHSA-3xh5-5v5v-mfgm

more than 3 years ago

Moodle reflected Cross-site Scripting (XSS)

CVSS3: 6.1
EPSS: Low

GHSA-3xh4-442x-8r5w

more than 3 years ago

The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Low

GHSA-3xh3-pc52-c4v9

more than 3 years ago

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

CVSS3: 9.8
EPSS: Low

GHSA-3xh3-gmcq-76vr

more than 3 years ago

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.

EPSS: Low

GHSA-3xh3-cw6f-h2ch

more than 3 years ago

Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643.

EPSS: Low

GHSA-3xh3-cprw-47gx

more than 3 years ago

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS3: 5.5
EPSS: Low

GHSA-3xh3-694g-3p24

more than 3 years ago

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.

EPSS: Low

GHSA-3xh3-2jvh-x9rr

more than 3 years ago

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.

EPSS: Medium

GHSA-3xh2-74w9-5vxm

more than 4 years ago

Integer overflow in github.com/gorilla/websocket

CVSS3: 7.5
EPSS: Low

GHSA-3xgx-x66j-ggxc

almost 2 years ago

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.

CVSS3: 5.3
EPSS: Low

GHSA-3xgx-wrc3-hjjj

more than 3 years ago

IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.

EPSS: Low

GHSA-3xgx-r9j4-qw9w

almost 4 years ago

Prototype Pollution in Dexie

CVSS3: 7.3
EPSS: Low

GHSA-3xgx-5fr5-rcrq

8 months ago

A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
EPSS: Low

GHSA-3xgw-mp56-cmcq

about 4 years ago

DayByDay CRM versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low-privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.

EPSS: Low

GHSA-3xgw-97m8-xp2p

about 1 month ago

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.

CVSS3: 8.7
EPSS: Low

GHSA-3xgv-5mmx-xwqh

more than 3 years ago

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

EPSS: High

GHSA-3xgv-53v3-rfw4

more than 3 years ago

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.

CVSS3: 7.5
EPSS: Low

GHSA-3xgv-2qr4-qv6r

almost 4 years ago

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

EPSS: High

GHSA-3xgr-x5gv-64gh

more than 3 years ago

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

CVSS3: 7.8
EPSS: Low

GHSA-3xgr-wp66-q45v

more than 3 years ago

SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

EPSS: Low

Vulnerability | CVSS | EPSS | Published

GHSA-3xh5-5v5v-mfgm

Moodle reflected Cross-site Scripting (XSS)

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xh4-442x-8r5w

The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xh3-pc52-c4v9

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xh3-gmcq-76vr

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3xh3-cw6f-h2ch

Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3xh3-cprw-47gx

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xh3-694g-3p24

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xh3-2jvh-x9rr

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.

EPSS: 33% (Medium)
Published: more than 3 years ago

GHSA-3xh2-74w9-5vxm

Integer overflow in github.com/gorilla/websocket

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 4 years ago

GHSA-3xgx-x66j-ggxc

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.

CVSS3: 5.3
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3xgx-wrc3-hjjj

IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3xgx-r9j4-qw9w

Prototype Pollution in Dexie

CVSS3: 7.3
EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3xgx-5fr5-rcrq

A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
EPSS: 0% (Low)
Published: 8 months ago

GHSA-3xgw-mp56-cmcq

DayByDay CRM versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low-privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.

EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3xgw-97m8-xp2p

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.

CVSS3: 8.7
EPSS: 0% (Low)
Published: about 1 month ago

GHSA-3xgv-5mmx-xwqh

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

EPSS: 76% (High)
Published: more than 3 years ago

GHSA-3xgv-53v3-rfw4

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xgv-2qr4-qv6r

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

EPSS: 74% (High)
Published: almost 4 years ago

GHSA-3xgr-x5gv-64gh

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3xgr-wp66-q45v

SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

EPSS: 0% (Low)
Published: more than 3 years ago