Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3rrr-cqqf-5xqm

почти 4 года назад

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.

EPSS: Низкий
github логотип

GHSA-3rrr-6hj5-967g

около 1 года назад

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3rrq-p5gv-7828

больше 3 лет назад

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3rrq-mwrq-44vc

почти 4 года назад

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

EPSS: Низкий
github логотип

GHSA-3rrq-93q9-g68g

почти 4 года назад

SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

EPSS: Низкий
github логотип

GHSA-3rrm-g9g7-qh35

почти 4 года назад

Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.

EPSS: Низкий
github логотип

GHSA-3rrm-945c-3g7m

5 месяцев назад

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3rrh-rx2j-x9xj

больше 3 лет назад

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

EPSS: Низкий
github логотип

GHSA-3rrh-jvpr-5pv8

больше 3 лет назад

In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878

EPSS: Низкий
github логотип

GHSA-3rrh-hp3f-9r6p

около 1 года назад

A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS3: 8.1
EPSS: Средний
github логотип

GHSA-3rrg-p8xc-3457

больше 3 лет назад

Stored cross-site scripting vulnerability in Jenkins TestLink Plugin

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3rrg-mmq3-p43v

почти 4 года назад

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

EPSS: Низкий
github логотип

GHSA-3rrg-9ph6-24px

больше 3 лет назад

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3rrf-jrxv-9vpm

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it.

EPSS: Низкий
github логотип

GHSA-3rrc-wwp9-v95c

больше 1 года назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3rr9-mpg6-99rm

5 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3rr8-55p7-vjcq

больше 3 лет назад

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.

EPSS: Средний
github логотип

GHSA-3rr7-mrfp-2whc

около 3 лет назад

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3rr6-v7fv-2xh2

около 1 года назад

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3rr5-vgfq-8c8h

9 месяцев назад

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3rrr-cqqf-5xqm

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3rrr-6hj5-967g

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.

CVSS3: 7.3
0%
Низкий
около 1 года назад
github логотип
GHSA-3rrq-p5gv-7828

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3rrq-mwrq-44vc

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

4%
Низкий
почти 4 года назад
github логотип
GHSA-3rrq-93q9-g68g

SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3rrm-g9g7-qh35

Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3rrm-945c-3g7m

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS3: 6.3
0%
Низкий
5 месяцев назад
github логотип
GHSA-3rrh-rx2j-x9xj

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3rrh-jvpr-5pv8

In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3rrh-hp3f-9r6p

A vulnerability in Cisco&nbsp;RCM for Cisco&nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges&nbsp;in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS3: 8.1
13%
Средний
около 1 года назад
github логотип
GHSA-3rrg-p8xc-3457

Stored cross-site scripting vulnerability in Jenkins TestLink Plugin

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3rrg-mmq3-p43v

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3rrg-9ph6-24px

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3rrf-jrxv-9vpm

In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it.

0%
Низкий
5 месяцев назад
github логотип
GHSA-3rrc-wwp9-v95c

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5.

CVSS3: 6.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3rr9-mpg6-99rm

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1.

CVSS3: 6.5
0%
Низкий
5 месяцев назад
github логотип
GHSA-3rr8-55p7-vjcq

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.

28%
Средний
больше 3 лет назад
github логотип
GHSA-3rr7-mrfp-2whc

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

CVSS3: 6.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-3rr6-v7fv-2xh2

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-3rr5-vgfq-8c8h

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter

CVSS3: 8.8
0%
Низкий
9 месяцев назад

Уязвимостей на страницу