exploitDog

source:"github"

Count: 312 573

GHSA-3rhc-hj98-5mpj

8 months ago

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

CVSS3: 5
EPSS: Low

GHSA-3rhc-g969-jjxw

5 months ago

A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

CVSS3: 7.3
EPSS: Low

GHSA-3rhc-44qf-c226

more than 2 years ago

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.

CVSS3: 5.3
EPSS: Low

GHSA-3rh8-vm3g-5r4x

more than 3 years ago

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.

CVSS3: 8.8
EPSS: Low

GHSA-3rh8-jx6v-pf36

almost 3 years ago

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS3: 7.5
EPSS: Low

GHSA-3rh8-f4gv-8c37

more than 3 years ago

Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.

EPSS: Low

GHSA-3rh7-vm4x-q2hp

about 7 years ago

sqlserver is malware

CVSS3: 7.5
EPSS: Low

GHSA-3rh7-494q-3mjq

more than 3 years ago

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.

CVSS3: 8.8
EPSS: Low

GHSA-3rh6-vqr9-vpx5

more than 3 years ago

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.

CVSS3: 5.5
EPSS: Low

GHSA-3rh6-mpmf-236w

more than 2 years ago

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

CVSS3: 9.8
EPSS: Low

GHSA-3rh6-4p5j-qqfp

more than 3 years ago

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.

CVSS3: 5.3
EPSS: Low

GHSA-3rh5-9p47-7947

more than 3 years ago

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core.

EPSS: Low

GHSA-3rh4-hgwg-p5c2

more than 3 years ago

Windows Connected Devices Platform Service Information Disclosure Vulnerability.

CVSS3: 4.7
EPSS: Low

GHSA-3rh3-x38g-8fjx

almost 4 years ago

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.

EPSS: Medium

GHSA-3rh3-wfr4-76mj

almost 5 years ago

Regular expression Denial of Service in multiple packages

CVSS3: 6.5
EPSS: Low

GHSA-3rh3-mwf4-58r4

more than 3 years ago

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

CVSS3: 7.2
EPSS: Low

GHSA-3rh2-mmpx-4299

more than 3 years ago

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

CVSS3: 9.8
EPSS: Low

GHSA-3rh2-hpf7-3mm7

more than 3 years ago

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.

EPSS: Low

GHSA-3rgx-xp66-8w52

almost 4 years ago

Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.

EPSS: Low

GHSA-3rgx-c7jv-r7q6

more than 3 years ago

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.

CVSS3: 6.5
EPSS: Low


Vulnerability
CVSS
EPSS
Published
GHSA-3rhc-hj98-5mpj

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

CVSS3: 5
0%
Low
8 months ago
GHSA-3rhc-g969-jjxw

A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

CVSS3: 7.3
0%
Low
5 months ago
GHSA-3rhc-44qf-c226

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.

CVSS3: 5.3
0%
Low
more than 2 years ago
GHSA-3rh8-vm3g-5r4x

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.

CVSS3: 8.8
0%
Low
more than 3 years ago
GHSA-3rh8-jx6v-pf36

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS3: 7.5
0%
Low
almost 3 years ago
GHSA-3rh8-f4gv-8c37

Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.

0%
Low
more than 3 years ago
GHSA-3rh7-vm4x-q2hp

sqlserver is malware

CVSS3: 7.5
0%
Low
about 7 years ago
GHSA-3rh7-494q-3mjq

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.

CVSS3: 8.8
1%
Low
more than 3 years ago
GHSA-3rh6-vqr9-vpx5

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.

CVSS3: 5.5
0%
Low
more than 3 years ago
GHSA-3rh6-mpmf-236w

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

CVSS3: 9.8
0%
Low
more than 2 years ago
GHSA-3rh6-4p5j-qqfp

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.

CVSS3: 5.3
0%
Low
more than 3 years ago
GHSA-3rh5-9p47-7947

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core.

1%
Low
more than 3 years ago
GHSA-3rh4-hgwg-p5c2

Windows Connected Devices Platform Service Information Disclosure Vulnerability.

CVSS3: 4.7
0%
Low
more than 3 years ago
GHSA-3rh3-x38g-8fjx

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.

54%
Medium
almost 4 years ago
GHSA-3rh3-wfr4-76mj

Regular expression Denial of Service in multiple packages

CVSS3: 6.5
8%
Low
almost 5 years ago
GHSA-3rh3-mwf4-58r4

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

CVSS3: 7.2
4%
Low
more than 3 years ago
GHSA-3rh2-mmpx-4299

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

CVSS3: 9.8
1%
Low
more than 3 years ago
GHSA-3rh2-hpf7-3mm7

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.

0%
Low
more than 3 years ago
GHSA-3rgx-xp66-8w52

Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.

0%
Low
almost 4 years ago
GHSA-3rgx-c7jv-r7q6

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.

CVSS3: 6.5
1%
Low
more than 3 years ago
