exploitDog

source:"github"

Count: 314 458

Vulnerability
CVSS
EPSS
Published

GHSA-3wcx-33v7-xf78

Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.

CVSS3: 8.1
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3wcw-m33p-8r99

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.

CVSS3: 4.7
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wcw-6j7r-p57r

The eID Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: 0% (Low)
Published: 5 months ago

GHSA-3wcv-7wxv-gvf8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS. This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.

CVSS3: 6.5
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3wcv-7r47-m45v

The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

EPSS: 5% (Low)
Published: more than 3 years ago

GHSA-3wcr-vccv-4fcx

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

CVSS3: 7.5
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3wcr-p8pv-4w4w

Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.

CVSS3: 7.5
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3wcq-x3mq-6r9p

Potential memory exposure in dns-packet

CVSS3: 7.7
EPSS: 1% (Low)
Published: more than 4 years ago

GHSA-3wcq-hf94-333f

In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wcp-pwj7-fwmf

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system.

CVSS3: 7.2
EPSS: 1% (Low)
Published: about 1 year ago

GHSA-3wcp-g7h4-2r32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Moose Moose Elementor Kit allows DOM-Based XSS. This issue affects Moose Elementor Kit: from n/a through 1.0.0.

CVSS3: 6.5
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3wcp-fjfh-pw9r

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".

CVSS3: 6.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wcm-x9f4-v99q

MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.

EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3wcm-vppv-p3q9

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wcm-m2wj-fj25

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS3: 7.1
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3wcj-rg8q-9cqv

Open redirect in ASP.NET Core

CVSS3: 8.8
EPSS: 10% (Medium)
Published: more than 3 years ago

GHSA-3wcj-pc96-v578

A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 4.3
EPSS: 0% (Low)
Published: 6 months ago

GHSA-3wcj-f5mq-gxw2

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3wch-cp8h-4vh3

Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.

CVSS3: 9.8
EPSS: 11% (Medium)
Published: more than 3 years ago

GHSA-3wch-5xm2-547f

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.

CVSS3: 9.9
EPSS: 0% (Low)
Published: more than 1 year ago