Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 288 225

Количество 288 225

github логотип

GHSA-24fx-v9pv-mr36

около 3 лет назад

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-24fx-4wrx-3r7g

больше 3 лет назад

The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.

EPSS: Низкий
github логотип

GHSA-24fw-p524-4547

больше 3 лет назад

Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.

EPSS: Низкий
github логотип

GHSA-24fv-mmr6-7gc5

около 3 лет назад

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-24fr-xcq3-rqjr

больше 3 лет назад

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-24fq-qhc2-ccp5

больше 1 года назад

A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-24fp-3vjc-ghg3

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

EPSS: Низкий
github логотип

GHSA-24fm-5qww-3rxw

около 3 лет назад

Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain other files.

EPSS: Низкий
github логотип

GHSA-24fj-mqgp-74gr

6 месяцев назад

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /search_resualts.php. The manipulation of the argument firstname/lastname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. There is a typo in the affected file name.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-24fj-8r25-f374

около 3 лет назад

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-24fj-8422-2v9w

больше 3 лет назад

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-24fj-279j-cvw2

больше 3 лет назад

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

EPSS: Низкий
github логотип

GHSA-24fh-vxfp-5g6v

около 3 лет назад

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.

EPSS: Низкий
github логотип

GHSA-24fh-2pfj-hp74

около 3 лет назад

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-24fg-p96v-hxh8

почти 8 лет назад

actionpack Cross-Site Request Forgery vulnerability

EPSS: Низкий
github логотип

GHSA-24fg-6vgc-ccxv

около 3 лет назад

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-24ff-pr42-8q5w

больше 3 лет назад

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

EPSS: Низкий
github логотип

GHSA-24ff-5f5g-gx6c

около 3 лет назад

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-24fc-4fxj-fj82

около 2 лет назад

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

CVSS3: 4.6
EPSS: Низкий
github логотип

GHSA-24f9-34c8-68cp

больше 3 лет назад

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-24fx-v9pv-mr36

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.

CVSS3: 9.8
13%
Средний
около 3 лет назад
github логотип
GHSA-24fx-4wrx-3r7g

The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-24fw-p524-4547

Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.

10%
Низкий
больше 3 лет назад
github логотип
GHSA-24fv-mmr6-7gc5

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

CVSS3: 7.8
2%
Низкий
около 3 лет назад
github логотип
GHSA-24fr-xcq3-rqjr

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.

CVSS3: 9.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-24fq-qhc2-ccp5

A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CVSS3: 7.1
0%
Низкий
больше 1 года назад
github логотип
GHSA-24fp-3vjc-ghg3

Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

0%
Низкий
больше 3 лет назад
github логотип
GHSA-24fm-5qww-3rxw

Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain other files.

0%
Низкий
около 3 лет назад
github логотип
GHSA-24fj-mqgp-74gr

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /search_resualts.php. The manipulation of the argument firstname/lastname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. There is a typo in the affected file name.

CVSS3: 3.5
0%
Низкий
6 месяцев назад
github логотип
GHSA-24fj-8r25-f374

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.

CVSS3: 5.3
0%
Низкий
около 3 лет назад
github логотип
GHSA-24fj-8422-2v9w

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."

CVSS3: 7.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-24fj-279j-cvw2

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-24fh-vxfp-5g6v

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.

0%
Низкий
около 3 лет назад
github логотип
GHSA-24fh-2pfj-hp74

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.

CVSS3: 5.3
0%
Низкий
около 3 лет назад
github логотип
GHSA-24fg-p96v-hxh8

actionpack Cross-Site Request Forgery vulnerability

1%
Низкий
почти 8 лет назад
github логотип
GHSA-24fg-6vgc-ccxv

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.

CVSS3: 6.5
1%
Низкий
около 3 лет назад
github логотип
GHSA-24ff-pr42-8q5w

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-24ff-5f5g-gx6c

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.

CVSS3: 5.4
0%
Низкий
около 3 лет назад
github логотип
GHSA-24fc-4fxj-fj82

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

CVSS3: 4.6
0%
Низкий
около 2 лет назад
github логотип
GHSA-24f9-34c8-68cp

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.

7%
Низкий
больше 3 лет назад

Уязвимостей на страницу