exploitDog

source:"github"

Count: 312 573

Vulnerability | CVSS | EPSS | Published

GHSA-3qwx-q6x9-637h

Vulnerability of incorrect service logic in the WindowManagerServices module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS3: 9.8
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3qwx-fr6j-m6r7

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

CVSS3: 7.8
EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-3qwx-85qr-mvqm

Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3qww-7h3r-885f

A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260271.

CVSS3: 3.5
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3qww-55h8-4xjp

A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 in the FcgidPassHeader Proxy.

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwv-82r7-qfr8

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3qwr-mfh2-wggm

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.

CVSS3: 8.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwr-jvvx-5665

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwq-p88c-9vwf

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwq-8wfq-2pfc

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwm-q2c3-qv6x

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwj-pv6x-95j3

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwj-cx3m-c3pj

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

CVSS3: 8.8
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3qwj-7p4f-cf9r

platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3qwh-w55v-784g

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.

EPSS: 93% (Critical)
Published: more than 3 years ago

GHSA-3qwh-j562-h8h6

Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 6.7
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3qwh-g5rx-3xc3

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

EPSS: 31% (Medium)
Published: more than 3 years ago

GHSA-3qwg-vch4-4r45

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3qwg-rjm5-wq8p

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS3: 3.8
EPSS: 0% (Low)
Published: 9 months ago

GHSA-3qwg-qhg3-83g6

In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 3 years ago