Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3r5p-qhf8-8xc9

больше 3 лет назад

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3r5p-998x-5m4f

почти 4 года назад

The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."

EPSS: Средний
github логотип

GHSA-3r5p-5q8f-23jv

больше 3 лет назад

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3r5p-42mc-834f

больше 2 лет назад

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3r5m-qgj5-854w

около 4 лет назад

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

EPSS: Низкий
github логотип

GHSA-3r5j-phw6-cxph

около 3 лет назад

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3r5h-mjx6-6cjh

больше 2 лет назад

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

CVSS3: 4.1
EPSS: Низкий
github логотип

GHSA-3r5f-vjfp-r32c

почти 4 года назад

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

EPSS: Низкий
github логотип

GHSA-3r5f-57cx-rf5j

больше 1 года назад

Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3r5f-3w86-fgf8

больше 3 лет назад

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3r5f-38cp-r8x3

больше 2 лет назад

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

CVSS3: 7.5
EPSS: Критический
github логотип

GHSA-3r5c-h7g6-cqw7

почти 3 года назад

Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3r5c-h748-vjgc

больше 3 лет назад

Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."

EPSS: Низкий
github логотип

GHSA-3r58-xjch-5xjp

почти 2 года назад

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3r58-vgpx-8w42

почти 4 года назад

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

EPSS: Низкий
github логотип

GHSA-3r58-6hw4-672v

больше 1 года назад

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

CVSS3: 7.6
EPSS: Низкий
github логотип

GHSA-3r57-cvmr-xwg9

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3r56-gc76-cxqc

10 месяцев назад

Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3r56-5r55-j5mh

около 1 года назад

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.

EPSS: Низкий
github логотип

GHSA-3r55-8c76-hvc2

больше 2 лет назад

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3r5p-qhf8-8xc9

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r5p-998x-5m4f

The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."

40%
Средний
почти 4 года назад
github логотип
GHSA-3r5p-5q8f-23jv

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.

CVSS3: 5.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3r5p-42mc-834f

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3r5m-qgj5-854w

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

1%
Низкий
около 4 лет назад
github логотип
GHSA-3r5j-phw6-cxph

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".

CVSS3: 5.4
1%
Низкий
около 3 лет назад
github логотип
GHSA-3r5h-mjx6-6cjh

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

CVSS3: 4.1
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3r5f-vjfp-r32c

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3r5f-57cx-rf5j

Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.

CVSS3: 7.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3r5f-3w86-fgf8

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

CVSS3: 4.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r5f-38cp-r8x3

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

CVSS3: 7.5
93%
Критический
больше 2 лет назад
github логотип
GHSA-3r5c-h7g6-cqw7

Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module

CVSS3: 5.4
почти 3 года назад
github логотип
GHSA-3r5c-h748-vjgc

Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."

6%
Низкий
больше 3 лет назад
github логотип
GHSA-3r58-xjch-5xjp

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.

CVSS3: 9.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-3r58-vgpx-8w42

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3r58-6hw4-672v

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

CVSS3: 7.6
0%
Низкий
больше 1 года назад
github логотип
GHSA-3r57-cvmr-xwg9

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3r56-gc76-cxqc

Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.

CVSS3: 4.3
0%
Низкий
10 месяцев назад
github логотип
GHSA-3r56-5r55-j5mh

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.

0%
Низкий
около 1 года назад
github логотип
GHSA-3r55-8c76-hvc2

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу