exploitDog

source:"github"

Count: 312 573


| Vulnerability | Description | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- |
| GHSA-3p3p-qg5g-j2p5 | SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name. | | 1% (Low) | more than 3 years ago |
| GHSA-3p3p-pvm7-cggr | Winston 1.5.4 devices are vulnerable to command injection via the API. | | 6% (Low) | more than 3 years ago |
| GHSA-3p3p-cgj7-vgw3 | RSSHub vulnerable to Server-Side Request Forgery | CVSS3: 6.5 | 1% (Low) | almost 2 years ago |
| GHSA-3p3m-mqcr-8mfw | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) | CVSS3: 4.3 | 0% (Low) | more than 2 years ago |
| GHSA-3p3m-h26v-9r73 | The Quectel RG502Q-EA modem before 2022-02-23 allows OS Command Injection. | CVSS3: 9.8 | 13% (Medium) | more than 3 years ago |
| GHSA-3p3h-qghp-hvh2 | Open Redirect in werkzeug | CVSS3: 6.1 | 1% (Low) | almost 5 years ago |
| GHSA-3p3h-j9q4-q239 | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | CVSS3: 8.4 | 0% (Low) | more than 1 year ago |
| GHSA-3p3h-7wpm-9j2r | Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | CVSS3: 5.4 | 0% (Low) | more than 3 years ago |
| GHSA-3p3h-5g54-qmc8 | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. | CVSS3: 9.8 | 0% (Low) | more than 1 year ago |
| GHSA-3p3g-vpw6-4w66 | Authentication Bypass in hydra | CVSS3: 5.8 | 0% (Low) | more than 4 years ago |
| GHSA-3p3g-v9c5-jwvw | An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy). | CVSS3: 7.4 | 0% (Low) | almost 3 years ago |
| GHSA-3p3f-hgmm-72qv | Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | | 1% (Low) | more than 3 years ago |
| GHSA-3p3f-h63v-47c5 | A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | CVSS3: 5.5 | 0% (Low) | more than 3 years ago |
| GHSA-3p3f-cf7r-qqhf | FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | | 0% (Low) | almost 4 years ago |
| GHSA-3p3f-2jrx-f966 | Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS3: 5.5 | 0% (Low) | about 2 years ago |
| GHSA-3p3c-qfrw-wp9f | The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This makes it possible for unauthenticated attackers to modify widget page block configurations via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS3: 4.3 | 0% (Low) | 4 months ago |
| GHSA-3p3c-hpcw-jjrv | In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. | CVSS3: 7.8 | 0% (Low) | more than 3 years ago |
| GHSA-3p3c-fq8f-wj3w | Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | | 1% (Low) | almost 4 years ago |
| GHSA-3p3c-7gwc-rw29 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | CVSS3: 7.8 | 1% (Low) | more than 1 year ago |
| GHSA-3p39-7f4w-92pm | In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. | CVSS3: 6.1 | 0% (Low) | more than 3 years ago |
