Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3qgh-94cf-8mjr

больше 1 года назад

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3qgh-6635-p7pp

больше 1 года назад

An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3qgh-24xg-pr22

больше 1 года назад

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3qgg-x8gm-v5qm

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3qgg-rq2q-hq34

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

CVSS3: 4.7
EPSS: Низкий
github логотип

GHSA-3qgg-q55f-9qv8

почти 4 года назад

** DISPUTED ** Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation.

EPSS: Низкий
github логотип

GHSA-3qgg-g3px-jvhp

5 месяцев назад

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3qgg-5wf9-23cw

больше 3 лет назад

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3qgg-3fwc-j9gv

больше 3 лет назад

The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

EPSS: Низкий
github логотип

GHSA-3qgf-m686-2pqj

больше 3 лет назад

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

EPSS: Низкий
github логотип

GHSA-3qgc-vrvv-mv2r

больше 1 года назад

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3qgc-jrrr-25jv

больше 1 года назад

PHP RCE: A Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

EPSS: Критический
github логотип

GHSA-3qgc-gmq8-h85r

больше 3 лет назад

Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3qg9-h6qr-3w9j

почти 4 года назад

Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.

EPSS: Низкий
github логотип

GHSA-3qg9-cv5p-h6hq

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

EPSS: Низкий
github логотип

GHSA-3qg9-856j-f4jv

больше 3 лет назад

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

EPSS: Средний
github логотип

GHSA-3qg9-5cr6-vjmf

больше 3 лет назад

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3qg8-96ff-3xhq

8 месяцев назад

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3qg7-hh88-r5c3

больше 2 лет назад

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3qg7-2p3j-xrqp

больше 2 лет назад

Product: AndroidVersions: Android SoCAndroid ID: A-278156680

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3qgh-94cf-8mjr

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3qgh-6635-p7pp

An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

CVSS3: 4.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-3qgh-24xg-pr22

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.

CVSS3: 4.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3qgg-x8gm-v5qm

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3qgg-rq2q-hq34

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

CVSS3: 4.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-3qgg-q55f-9qv8

** DISPUTED ** Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3qgg-g3px-jvhp

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS3: 7.3
0%
Низкий
5 месяцев назад
github логотип
GHSA-3qgg-5wf9-23cw

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3qgg-3fwc-j9gv

The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3qgf-m686-2pqj

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3qgc-vrvv-mv2r

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVSS3: 7.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3qgc-jrrr-25jv

PHP RCE: A Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

94%
Критический
больше 1 года назад
github логотип
GHSA-3qgc-gmq8-h85r

Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.

CVSS3: 7.2
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3qg9-h6qr-3w9j

Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.

6%
Низкий
почти 4 года назад
github логотип
GHSA-3qg9-cv5p-h6hq

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3qg9-856j-f4jv

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

22%
Средний
больше 3 лет назад
github логотип
GHSA-3qg9-5cr6-vjmf

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3qg8-96ff-3xhq

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVSS3: 6.3
0%
Низкий
8 месяцев назад
github логотип
GHSA-3qg7-hh88-r5c3

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.

CVSS3: 7.1
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3qg7-2p3j-xrqp

Product: AndroidVersions: Android SoCAndroid ID: A-278156680

CVSS3: 9.8
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу