exploitDog

source:"github"

Count: 314,458

Vulnerability | CVSS | EPSS | Published

GHSA-3wg9-ch55-29w5

In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wg9-7hfj-6cp9

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3wg8-6w7g-gg2j

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.

CVSS3: 8.8
EPSS: 1% (Low)
Published: almost 3 years ago

GHSA-3wg7-r7q5-r2jf

Indico Insecure Access

EPSS: 6% (Low)
Published: about 1 year ago

GHSA-3wg6-mw5q-rvxh

A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 4.3
EPSS: 1% (Low)
Published: more than 1 year ago

GHSA-3wg5-x88w-52fj

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

CVSS3: 6.5
EPSS: 17% (Medium)
Published: more than 1 year ago

GHSA-3wg4-x8pv-x63w

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVSS3: 8.8
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3wg4-q244-7pm9

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: 0% (Low)
Published: 7 months ago

GHSA-3wg4-9v5r-3g2h

HTTP.sys Denial of Service Vulnerability

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 2 years ago

GHSA-3wg4-74hw-hxr7

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3wg4-69x5-5r76

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

CVSS3: 8.8
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3wg3-6wwv-v265

A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

EPSS: 19% (Medium)
Published: more than 1 year ago

GHSA-3wg2-8vcr-5m74

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.

CVSS3: 5.3
EPSS: 59% (Medium)
Published: about 3 years ago

GHSA-3wg2-72jm-537j

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.

CVSS3: 7.5
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3wg2-58mc-3xgh

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS3: 3.8
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3wfx-w72c-xg7v

Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.

CVSS3: 7.1
EPSS: 0% (Low)
Published: 8 months ago

GHSA-3wfx-mj93-vf8v

Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3wfw-hw9j-3p3m

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.

CVSS3: 6.4
EPSS: 0% (Low)
Published: 12 days ago

GHSA-3wfw-cf7h-38c7

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.

CVSS3: 8.4
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3wfv-3cfc-9mjc

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVSS3: 6.1
EPSS: 5% (Low)
Published: almost 3 years ago