exploitDog

source:"github"

Count: 314 529

GHSA-3xfv-v3m6-pcv2

more than 1 year ago

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.

CVSS3: 6.5
EPSS: Low

GHSA-3xfr-5qpm-hvr4

10 months ago

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

CVSS3: 9.8
EPSS: Low

GHSA-3xfq-r823-x7c3

more than 3 years ago

Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

EPSS: Low

GHSA-3xfq-789p-7m6h

almost 4 years ago

Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".

EPSS: Low

GHSA-3xfq-3889-4q8m

more than 3 years ago

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

EPSS: Low

GHSA-3xfp-j69g-wh2v

more than 3 years ago

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.

EPSS: Low

GHSA-3xfm-x84x-qwwq

25 days ago

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

CVSS3: 3.7
EPSS: Low

GHSA-3xfm-3jfc-q3c4

more than 3 years ago

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.

CVSS3: 9.8
EPSS: Medium

GHSA-3xfh-c7qq-jpr6

more than 3 years ago

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414

EPSS: Low

GHSA-3xfh-83xg-cw7w

4 months ago

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.

CVSS3: 8.2
EPSS: Low

GHSA-3xfg-wqwr-xxc8

more than 3 years ago

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

EPSS: Low

GHSA-3xff-w8w7-qmq7

7 months ago

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /<Client>FacturaE/VerFacturaPDF.

CVSS3: 6.1
EPSS: Low

GHSA-3xff-pwwp-wxh5

about 2 years ago

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.

CVSS3: 9.8
EPSS: Low

GHSA-3xff-6435-4373

more than 3 years ago

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS3: 7.8
EPSS: Low

GHSA-3xfc-m583-jq9v

almost 2 years ago

NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19725.

CVSS3: 7.2
EPSS: Low

GHSA-3xf9-qwxv-r3r4

almost 4 years ago

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

CVSS3: 6.5
EPSS: Low

GHSA-3xf9-pgc2-mr9c

more than 2 years ago

Jenkins SAML Single Sign On(SSO) Plugin missing permission checks

CVSS3: 7.1
EPSS: Low

GHSA-3xf9-4gwf-w55x

more than 3 years ago

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

EPSS: Low

GHSA-3xf8-vx6f-3f9h

more than 3 years ago

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.

CVSS3: 6.5
EPSS: Low

GHSA-3xf8-g8gr-g7rh

about 2 years ago

Graylog session fixation vulnerability through cookie injection

CVSS3: 5.7
EPSS: Low

Vulnerability
CVSS
EPSS
Published
GHSA-3xfv-v3m6-pcv2

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.

CVSS3: 6.5
EPSS: 1% (Low)
more than 1 year ago

GHSA-3xfr-5qpm-hvr4

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

CVSS3: 9.8
EPSS: 0% (Low)
10 months ago

GHSA-3xfq-r823-x7c3

Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

EPSS: 0% (Low)
more than 3 years ago

GHSA-3xfq-789p-7m6h

Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".

EPSS: 1% (Low)
almost 4 years ago

GHSA-3xfq-3889-4q8m

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

EPSS: 0% (Low)
more than 3 years ago

GHSA-3xfp-j69g-wh2v

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.

EPSS: 0% (Low)
more than 3 years ago

GHSA-3xfm-x84x-qwwq

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

CVSS3: 3.7
EPSS: 0% (Low)
25 days ago

GHSA-3xfm-3jfc-q3c4

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.

CVSS3: 9.8
EPSS: 42% (Medium)
more than 3 years ago

GHSA-3xfh-c7qq-jpr6

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414

EPSS: 1% (Low)
more than 3 years ago

GHSA-3xfh-83xg-cw7w

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.

CVSS3: 8.2
EPSS: 0% (Low)
4 months ago

GHSA-3xfg-wqwr-xxc8

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

EPSS: 0% (Low)
more than 3 years ago

GHSA-3xff-w8w7-qmq7

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /<Client>FacturaE/VerFacturaPDF.

CVSS3: 6.1
EPSS: 0% (Low)
7 months ago

GHSA-3xff-pwwp-wxh5

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.

CVSS3: 9.8
EPSS: 7% (Low)
about 2 years ago

GHSA-3xff-6435-4373

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS3: 7.8
EPSS: 0% (Low)
more than 3 years ago

GHSA-3xfc-m583-jq9v

NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19725.

CVSS3: 7.2
EPSS: 6% (Low)
almost 2 years ago

GHSA-3xf9-qwxv-r3r4

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

CVSS3: 6.5
EPSS: 0% (Low)
almost 4 years ago

GHSA-3xf9-pgc2-mr9c

Jenkins SAML Single Sign On(SSO) Plugin missing permission checks

CVSS3: 7.1
EPSS: 1% (Low)
more than 2 years ago

GHSA-3xf9-4gwf-w55x

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

EPSS: 0% (Low)
more than 3 years ago

GHSA-3xf8-vx6f-3f9h

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.

CVSS3: 6.5
EPSS: 1% (Low)
more than 3 years ago

GHSA-3xf8-g8gr-g7rh

Graylog session fixation vulnerability through cookie injection

CVSS3: 5.7
EPSS: 0% (Low)
about 2 years ago