Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 290 712

Количество 290 712

github логотип

GHSA-2fvw-6h8p-qwr7

больше 3 лет назад

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

CVSS3: 6.1
EPSS: Высокий
github логотип

GHSA-2fvw-3vhp-2m2r

больше 3 лет назад

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.

EPSS: Низкий
github логотип

GHSA-2fvv-qxrq-7jq6

около 3 лет назад

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page

EPSS: Низкий
github логотип

GHSA-2fvq-w5h5-q4v5

больше 3 лет назад

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-2fvq-gwm3-84c2

больше 3 лет назад

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2fvq-8pc8-8468

почти 2 года назад

MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-2fvp-h46w-x58c

около 3 лет назад

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2fvp-7f4c-65qh

больше 3 лет назад

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-2fvm-j35v-vj7q

больше 3 лет назад

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

EPSS: Средний
github логотип

GHSA-2fvm-hcc8-v9vr

больше 3 лет назад

Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.

EPSS: Низкий
github логотип

GHSA-2fvj-qg75-5fhx

больше 3 лет назад

Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.

EPSS: Низкий
github логотип

GHSA-2fvj-55p5-9gp4

9 месяцев назад

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2fvj-2r46-pgcr

больше 3 лет назад

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2fvh-635r-mg69

больше 3 лет назад

The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Низкий
github логотип

GHSA-2fvh-4fwg-94q3

больше 3 лет назад

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

EPSS: Низкий
github логотип

GHSA-2fvg-vjrp-6xv7

больше 3 лет назад

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.

EPSS: Низкий
github логотип

GHSA-2fvg-v46v-wg77

больше 3 лет назад

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

EPSS: Низкий
github логотип

GHSA-2fvg-pqv8-jj7q

больше 3 лет назад

** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-2fvg-6m83-pjw6

около 3 лет назад

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-2fvf-fg52-pwrv

почти 2 года назад

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

CVSS3: 8.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2fvw-6h8p-qwr7

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

CVSS3: 6.1
74%
Высокий
больше 3 лет назад
github логотип
GHSA-2fvw-3vhp-2m2r

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvv-qxrq-7jq6

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page

около 3 лет назад
github логотип
GHSA-2fvq-w5h5-q4v5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvq-gwm3-84c2

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvq-8pc8-8468

MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

CVSS3: 8.1
3%
Низкий
почти 2 года назад
github логотип
GHSA-2fvp-h46w-x58c

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

CVSS3: 8.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-2fvp-7f4c-65qh

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

CVSS3: 7.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvm-j35v-vj7q

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

11%
Средний
больше 3 лет назад
github логотип
GHSA-2fvm-hcc8-v9vr

Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvj-qg75-5fhx

Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvj-55p5-9gp4

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

CVSS3: 7.8
0%
Низкий
9 месяцев назад
github логотип
GHSA-2fvj-2r46-pgcr

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvh-635r-mg69

The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvh-4fwg-94q3

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvg-vjrp-6xv7

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvg-v46v-wg77

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvg-pqv8-jj7q

** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.

CVSS3: 8.1
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2fvg-6m83-pjw6

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.

CVSS3: 4.8
1%
Низкий
около 3 лет назад
github логотип
GHSA-2fvf-fg52-pwrv

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

CVSS3: 8.8
13%
Средний
почти 2 года назад

Уязвимостей на страницу