Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3mmj-mrr2-5rmx Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | | 1% Low | almost 4 years ago |
| GHSA-3mmj-45hw-28gw Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows. | | 0% Low | more than 3 years ago |
| GHSA-3mmh-vq9w-4c3g Microweber vulnerable to Reflected Cross-site Scripting | CVSS3: 6.1 | 0% Low | about 3 years ago |
| GHSA-3mmh-h28h-wgxq The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | | 0% Low | more than 3 years ago |
| GHSA-3mmf-7v44-cphp The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. | | 0% Low | more than 3 years ago |
| GHSA-3mmf-6wp6-5hfj Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | CVSS3: 8.8 | 1% Low | almost 3 years ago |
| GHSA-3mmf-29wp-jc9p An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79. | CVSS3: 4.6 | 0% Low | about 1 year ago |
| GHSA-3mmc-w8vq-jvw8 EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). | | 0% Low | almost 4 years ago |
| GHSA-3mm9-2p44-rw39 Silverstripe SiteTree Creation Permission Vulnerability | CVSS3: 7.5 | | more than 1 year ago |
| GHSA-3mm6-vwmh-qm9c The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | CVSS3: 5.9 | 0% Low | more than 3 years ago |
| GHSA-3mm6-mv5c-6hfv LastPass prior to 2.5.1 has an insecure PIN implementation. | | 0% Low | almost 4 years ago |
| GHSA-3mm6-hc5r-p5rx Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-3mm6-4hpm-pgrc Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. | CVSS3: 6.5 | 0% Low | more than 3 years ago |
| GHSA-3mm5-rh7g-ph5j A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. | CVSS3: 9.8 | 1% Low | about 4 years ago |
| GHSA-3mm5-fxrj-9334 SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter. | | 0% Low | more than 3 years ago |
| GHSA-3mm4-w7v6-4rhv android-gif-drawable vulnerable to denial of service due to unrestricted comment length | CVSS3: 7.5 | 0% Low | about 4 years ago |
| GHSA-3mm4-v52x-x9rw WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | | 3% Low | more than 3 years ago |
| GHSA-3mm4-jwgr-q6c5 Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. | | 2% Low | more than 3 years ago |
| GHSA-3mm3-wfpv-q85g Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage | CVSS3: 7.5 | | 3 months ago |
| GHSA-3mm3-c684-p47h The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | | 0% Low | more than 3 years ago |