exploitDog

source:"github"

Count: 312 573


Vulnerability
CVSS
EPSS
Published

GHSA-3vcx-x6r7-phpm

SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

EPSS: 2% (Low)
Published: almost 4 years ago

GHSA-3vcx-wp2w-x68x

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yandex.Metrica: from n/a through <= 1.2.2.

CVSS3: 6.5
EPSS: 0% (Low)
Published: 2 months ago

GHSA-3vcx-w94h-68vg

XXE vulnerability in Jenkins Android Lint Plugin

CVSS3: 8.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3vcx-qq88-36qg

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CVSS3: 9.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3vcw-xhqc-97mh

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.

CVSS3: 8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3vcw-92x2-jjg4

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.

CVSS3: 6
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3vcv-r276-ff59

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.

CVSS3: 7.5
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3vcv-qvpj-9v53

SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users.

CVSS3: 5.3
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3vcr-vjpj-p33c

join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.

EPSS: 8% (Low)
Published: almost 4 years ago

GHSA-3vcr-m67m-mr3p

Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.

EPSS: 2% (Low)
Published: almost 4 years ago

GHSA-3vcr-579j-4x48

Stored XSS vulnerability in Jenkins TAP Plugin

CVSS3: 5.4
EPSS: 6% (Low)
Published: more than 2 years ago

GHSA-3vcq-64gh-84x2

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3vcp-r62v-xpvg

Apache DolphinScheduler vulnerable to Alert Script Attack

CVSS3: 8.8
EPSS: 0% (Low)
Published: 5 months ago

GHSA-3vcm-c42p-3hhf

Mattermost Missing Authorization vulnerability

CVSS3: 6.5
EPSS: 0% (Low)
Published: 5 months ago

GHSA-3vcm-c256-hxfx

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3vcm-3w42-g672

Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3vcj-x75g-g7r9

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612.

CVSS3: 4.4
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3vcj-crmp-9f49

Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.

EPSS: 2% (Low)
Published: almost 4 years ago

GHSA-3vcj-cj9g-vfr3

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device.

EPSS: 0% (Low)
Published: 5 months ago

GHSA-3vcj-6338-x74x

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

EPSS: 2% (Low)
Published: almost 4 years ago
