Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 529

Количество 314 529

github логотип

GHSA-3vwg-cxp6-wf3x

больше 3 лет назад

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

EPSS: Низкий
github логотип

GHSA-3vwf-8mrh-29c3

11 месяцев назад

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3vwc-vg65-rpwm

почти 4 года назад

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

EPSS: Низкий
github логотип

GHSA-3vwc-j35j-g8jv

почти 2 года назад

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3vwc-9hxx-4mr4

больше 3 лет назад

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383.

EPSS: Низкий
github логотип

GHSA-3vw9-p3ff-4j6x

больше 3 лет назад

Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.

EPSS: Низкий
github логотип

GHSA-3vw8-fxch-92g8

2 месяца назад

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3vw8-44x3-wrr9

больше 3 лет назад

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3vw7-gqq2-ffcx

больше 3 лет назад

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3vw6-2x4m-gr8r

больше 3 лет назад

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3vw5-w7rp-h2rf

около 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

EPSS: Низкий
github логотип

GHSA-3vw4-6555-wh35

3 месяца назад

A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the argument U_USERNAME results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3vw3-g8hp-j327

почти 4 года назад

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

EPSS: Низкий
github логотип

GHSA-3vw3-8gqg-phx5

почти 4 года назад

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

EPSS: Высокий
github логотип

GHSA-3vvx-rwp5-c7c5

больше 3 лет назад

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

EPSS: Низкий
github логотип

GHSA-3vvx-pv53-gmrh

больше 3 лет назад

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.

EPSS: Низкий
github логотип

GHSA-3vvw-rvgw-fjmh

почти 2 года назад

Secure Boot Security Feature Bypass Vulnerability

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3vvw-qcwc-c3gc

около 1 года назад

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS3: 6.6
EPSS: Низкий
github логотип

GHSA-3vvw-g7qx-ffjj

больше 3 лет назад

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3vvv-pvc3-2gx5

больше 3 лет назад

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3vwg-cxp6-wf3x

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

8%
Низкий
больше 3 лет назад
github логотип
GHSA-3vwf-8mrh-29c3

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.

CVSS3: 4.3
0%
Низкий
11 месяцев назад
github логотип
GHSA-3vwc-vg65-rpwm

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

9%
Низкий
почти 4 года назад
github логотип
GHSA-3vwc-j35j-g8jv

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-3vwc-9hxx-4mr4

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vw9-p3ff-4j6x

Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.

8%
Низкий
больше 3 лет назад
github логотип
GHSA-3vw8-fxch-92g8

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS3: 5.4
0%
Низкий
2 месяца назад
github логотип
GHSA-3vw8-44x3-wrr9

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vw7-gqq2-ffcx

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3vw6-2x4m-gr8r

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

CVSS3: 8.8
36%
Средний
больше 3 лет назад
github логотип
GHSA-3vw5-w7rp-h2rf

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

около 1 года назад
github логотип
GHSA-3vw4-6555-wh35

A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the argument U_USERNAME results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

CVSS3: 7.3
0%
Низкий
3 месяца назад
github логотип
GHSA-3vw3-g8hp-j327

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3vw3-8gqg-phx5

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

85%
Высокий
почти 4 года назад
github логотип
GHSA-3vvx-rwp5-c7c5

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vvx-pv53-gmrh

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3vvw-rvgw-fjmh

Secure Boot Security Feature Bypass Vulnerability

CVSS3: 7.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-3vvw-qcwc-c3gc

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS3: 6.6
0%
Низкий
около 1 года назад
github логотип
GHSA-3vvw-g7qx-ffjj

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.

CVSS3: 9.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3vvv-pvc3-2gx5

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

1%
Низкий
больше 3 лет назад

Уязвимостей на страницу