exploitDog

source:"github"

Count: 312 573

Vulnerability
CVSS
EPSS
Published

GHSA-3p62-jm9h-gf52

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

CVSS3: 4.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p62-6fjh-3p5h

Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC

CVSS3: 10
EPSS: 2% (Low)
Published: more than 2 years ago

GHSA-3p62-42x7-gxg5

Grafana User enumeration via forget password

CVSS3: 6.7
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3p62-3xx8-qq46

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3p62-2p5c-mgqj

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.

CVSS3: 6.5
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3p5w-c6fg-w249

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

CVSS3: 7.5
EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3p5w-29q3-9985

A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS3: 7.5
EPSS: 0% (Low)
Published: 24 days ago

GHSA-3p5v-9pqp-m2pp

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC software in versions from 4.0 before 4.9.10, from 5.0 before 6.2.12.

CVSS3: 6.1
EPSS: 2% (Low)
Published: more than 1 year ago

GHSA-3p5v-4gv6-58hf

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Absence Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Absence Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p5r-wcf3-c745

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p5r-7cw3-2m67

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

EPSS: 7% (Low)
Published: more than 3 years ago

GHSA-3p5q-mj37-8frf

Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3p5q-c694-c8q3

A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVSS3: 5.3
EPSS: 0% (Low)
Published: 9 months ago

GHSA-3p5q-8m4h-wr8g

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

EPSS: 8% (Low)
Published: more than 3 years ago

GHSA-3p5q-5ghh-h456

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability.

CVSS3: 8.8
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3p5q-2rr6-m932

Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.

CVSS3: 9.8
EPSS: 0% (Low)
Published: 24 days ago

GHSA-3p5p-wf36-fw98

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

CVSS3: 6.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p5p-c5mc-jqg3

Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.

CVSS3: 4.3
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3p5p-863p-q64f

The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

EPSS: 3% (Low)
Published: almost 4 years ago

GHSA-3p5m-m447-4mm4

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 3 years ago