exploitDog
source:"github"
Count: 314 458

GHSA-3w57-2x48-2wv9 (almost 4 years ago)

SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.

EPSS: 1% (Low)

GHSA-3w56-rxq6-73qf (over 3 years ago)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.

CVSS3: 7.2
EPSS: 1% (Low)

GHSA-3w56-qhmc-wqwr (almost 3 years ago)

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

CVSS3: 9.8
EPSS: 94% (Critical)

GHSA-3w56-mg6p-g5gj (10 months ago)

Missing Authorization vulnerability in Oliver Boyers Pin Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pin Generator: from n/a through 2.0.0.

CVSS3: 5.4
EPSS: 0% (Low)

GHSA-3w55-xwjg-qq8w (over 3 years ago)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

EPSS: 27% (Medium)

GHSA-3w55-pwjx-p5m9 (over 3 years ago)

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.

CVSS3: 7.8
EPSS: 4% (Low)

GHSA-3w54-g522-46ww (about 4 years ago)

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff[TITLE] parameter.

EPSS: 1% (Low)

GHSA-3w54-7254-p9mg (about 1 year ago)

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: 0% (Low)

GHSA-3w53-pf87-j9x6 (over 3 years ago)

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.

CVSS3: 4.8
EPSS: 0% (Low)

GHSA-3w53-58xm-8pwx (about 1 year ago)

Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Owl Carousel: from n/a through 0.5.3.

CVSS3: 5.3
EPSS: 0% (Low)

GHSA-3w4x-wq52-ff93 (almost 4 years ago)

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

EPSS: 1% (Low)

GHSA-3w4x-g8q4-22gw (almost 4 years ago)

The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.

EPSS: 0% (Low)

GHSA-3w4w-m332-9cfq (over 3 years ago)

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.

EPSS: 0% (Low)

GHSA-3w4v-rvc4-2xpw (over 3 years ago)

Keycloak has Files or Directories Accessible to External Parties

CVSS3: 4.3
EPSS: 0% (Low)

GHSA-3w4v-qfqc-3433 (over 3 years ago)

ChakraCore RCE Vulnerability

CVSS3: 7.5
EPSS: 91% (Critical)

GHSA-3w4r-prc4-q67c (about 1 year ago)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS. This issue affects Shortcode Collection: from n/a through 1.4.

CVSS3: 6.5
EPSS: 0% (Low)

GHSA-3w4r-g3q4-3xjj (over 1 year ago)

In JetBrains TeamCity between 2024.03 and 2024.03.1, several stored XSS in the available updates page were possible.

CVSS3: 3.5
EPSS: 0% (Low)

GHSA-3w4p-r654-56p4 (almost 4 years ago)

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

EPSS: 1% (Low)

GHSA-3w4p-mc7m-x3qf (over 3 years ago)

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

EPSS: 0% (Low)

GHSA-3w4p-hjjh-fjwg (almost 4 years ago)

FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key.

EPSS: 0% (Low)
