Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3r7x-xv8f-pv5m

больше 3 лет назад

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

EPSS: Низкий
github логотип

GHSA-3r7x-xp2q-64p6

почти 4 года назад

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

EPSS: Низкий
github логотип

GHSA-3r7x-vxx6-j729

почти 4 года назад

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

EPSS: Низкий
github логотип

GHSA-3r7x-vv9v-4xqg

почти 4 года назад

SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: Низкий
github логотип

GHSA-3r7x-fw6m-4w78

больше 3 лет назад

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3r7x-52q9-w4pw

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). ...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3r7x-228q-mxc2

больше 2 лет назад

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3r7w-8rpr-7jcq

больше 3 лет назад

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3r7v-9q8r-r9gj

12 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3r7v-265j-fg8v

почти 2 года назад

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3r7r-vmq3-cmvh

больше 3 лет назад

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3r7r-mrpq-cx9g

больше 3 лет назад

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3r7r-62rh-7p3r

больше 3 лет назад

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3r7r-25x9-hq63

больше 3 лет назад

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.

EPSS: Низкий
github логотип

GHSA-3r7q-rhw3-rmxq

больше 3 лет назад

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

EPSS: Низкий
github логотип

GHSA-3r7q-94c4-jm45

5 месяцев назад

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3r7q-27vw-j482

больше 3 лет назад

The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Низкий
github логотип

GHSA-3r7p-5g7m-j435

больше 3 лет назад

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.

EPSS: Низкий
github логотип

GHSA-3r7m-q5px-rp76

больше 3 лет назад

The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3r7m-hxcx-w9m7

больше 2 лет назад

Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3r7x-xv8f-pv5m

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7x-xp2q-64p6

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

7%
Низкий
почти 4 года назад
github логотип
GHSA-3r7x-vxx6-j729

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3r7x-vv9v-4xqg

SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3r7x-fw6m-4w78

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7x-52q9-w4pw

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). ...

CVSS3: 5.5
0%
Низкий
9 месяцев назад
github логотип
GHSA-3r7x-228q-mxc2

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.

CVSS3: 5.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3r7w-8rpr-7jcq

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7v-9q8r-r9gj

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0.

CVSS3: 7.1
0%
Низкий
12 месяцев назад
github логотип
GHSA-3r7v-265j-fg8v

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-3r7r-vmq3-cmvh

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

CVSS3: 4.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7r-mrpq-cx9g

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

CVSS3: 8.8
7%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7r-62rh-7p3r

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7r-25x9-hq63

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7q-rhw3-rmxq

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7q-94c4-jm45

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

CVSS3: 8.8
0%
Низкий
5 месяцев назад
github логотип
GHSA-3r7q-27vw-j482

The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7p-5g7m-j435

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7m-q5px-rp76

The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r7m-hxcx-w9m7

Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.

CVSS3: 9.8
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу