Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3wxg-f3wj-3x8p

около 2 лет назад

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3wxf-wxw2-g5hj

около 3 лет назад

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3wxf-h9xq-wcv8

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

EPSS: Низкий
github логотип

GHSA-3wxf-8h2q-7rqj

около 2 лет назад

Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3wxf-2wrv-x2cq

больше 3 лет назад

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3wxc-gqjr-6mh6

больше 3 лет назад

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

EPSS: Низкий
github логотип

GHSA-3wxc-cg64-x24r

почти 4 года назад

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread.

EPSS: Низкий
github логотип

GHSA-3wx9-g76r-9crv

11 месяцев назад

Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3wx9-f3x6-49f8

больше 2 лет назад

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3wx8-32hq-qw6x

больше 2 лет назад

A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-3wx7-rcmj-m6wf

почти 2 года назад

Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22163.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-3wx7-h26j-wp5f

больше 3 лет назад

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

EPSS: Низкий
github логотип

GHSA-3wx7-g4gx-j36c

около 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-3wx7-46ch-7rq2

больше 3 лет назад

AES OCB fails to encrypt some bytes

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3wx6-8fq9-gvgj

почти 4 года назад

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

EPSS: Низкий
github логотип

GHSA-3wx6-5r67-625q

больше 3 лет назад

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.

EPSS: Низкий
github логотип

GHSA-3wx4-x6c7-9xm5

больше 3 лет назад

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3wx2-wvxf-xw45

почти 4 года назад

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

EPSS: Низкий
github логотип

GHSA-3wx2-gggp-v6jp

больше 1 года назад

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3wx2-5m79-ph37

почти 4 года назад

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3wxg-f3wj-3x8p

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

CVSS3: 7.5
0%
Низкий
около 2 лет назад
github логотип
GHSA-3wxf-wxw2-g5hj

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

CVSS3: 4.3
0%
Низкий
около 3 лет назад
github логотип
GHSA-3wxf-h9xq-wcv8

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3wxf-8h2q-7rqj

Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

CVSS3: 7.5
0%
Низкий
около 2 лет назад
github логотип
GHSA-3wxf-2wrv-x2cq

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.

CVSS3: 7.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3wxc-gqjr-6mh6

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3wxc-cg64-x24r

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3wx9-g76r-9crv

Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4.

CVSS3: 4.3
0%
Низкий
11 месяцев назад
github логотип
GHSA-3wx9-f3x6-49f8

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS3: 7.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3wx8-32hq-qw6x

A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.

CVSS3: 3.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3wx7-rcmj-m6wf

Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22163.

CVSS3: 9.8
36%
Средний
почти 2 года назад
github логотип
GHSA-3wx7-h26j-wp5f

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3wx7-g4gx-j36c

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

CVSS3: 5.9
0%
Низкий
около 1 года назад
github логотип
GHSA-3wx7-46ch-7rq2

AES OCB fails to encrypt some bytes

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3wx6-8fq9-gvgj

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3wx6-5r67-625q

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3wx4-x6c7-9xm5

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3wx2-wvxf-xw45

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3wx2-gggp-v6jp

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 5.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-3wx2-5m79-ph37

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.

CVSS3: 5.4
1%
Низкий
почти 4 года назад

Уязвимостей на страницу