exploitDog

source:"github"

Count: 314 458


| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| GHSA-3xgr-h5hq-7299: GeoIP processor disables SSL certificate validation when downloading databases | CVSS3: 5.9 | Low | 4 months ago |
| GHSA-3xgr-6gm3-9657: Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. | | 1% (Low) | more than 3 years ago |
| GHSA-3xgq-mgc9-7wqx: Using a redirect embedded into `sourceMappingUrls` could allow for navigation to external protocol links in sandboxed iframes without `allow-top-navigation-to-custom-protocols`. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | CVSS3: 6.1 | 0% (Low) | more than 2 years ago |
| GHSA-3xgq-45jj-v275: Regular Expression Denial of Service (ReDoS) in cross-spawn | CVSS3: 7.5 | 0% (Low) | more than 1 year ago |
| GHSA-3xgp-qw97-rfg4: A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. | CVSS3: 7.6 | 0% (Low) | more than 3 years ago |
| GHSA-3xgp-3p7g-x446: SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | | 1% (Low) | almost 4 years ago |
| GHSA-3xgm-ccxm-hpw6: This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | CVSS3: 7.5 | 1% (Low) | more than 3 years ago |
| GHSA-3xgj-vqg4-h895: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands. | CVSS3: 10 | 3% (Low) | 12 months ago |
| GHSA-3xgj-g7mg-qvrj: SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 1% (Low) | almost 4 years ago |
| GHSA-3xgh-9rw3-wpjw: The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7. | | 0% (Low) | more than 3 years ago |
| GHSA-3xgg-p2vx-fw2j: A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. | CVSS3: 6.5 | 0% (Low) | almost 2 years ago |
| GHSA-3xgg-6rww-2j3w: The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user's email is known. | CVSS3: 9.8 | 0% (Low) | about 1 year ago |
| GHSA-3xgg-69w3-vvww: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. | CVSS3: 7.8 | 88% (High) | more than 3 years ago |
| GHSA-3xgc-wmrh-cwjc: SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | CVSS3: 9.8 | 1% (Low) | more than 1 year ago |
| GHSA-3xgc-7mw7-pvhp: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. | CVSS3: 9.1 | 0% (Low) | 9 months ago |
| GHSA-3xg8-jv32-cg9g: An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | CVSS3: 9.8 | 0% (Low) | more than 3 years ago |
| GHSA-3xg8-cc8f-9wv2: Unsanitized input leading to code injection in Dalli | CVSS3: 3.7 | 0% (Low) | about 3 years ago |
| GHSA-3xg7-hprv-32gf: Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | CVSS3: 8.8 | 0% (Low) | more than 3 years ago |
| GHSA-3xg7-f5vp-g65m: Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | | 34% (Medium) | more than 3 years ago |
| GHSA-3xg7-54rf-9rrr: A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument map_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% (Low) | more than 1 year ago |
