Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3q7q-248p-fr45

почти 4 года назад

SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

EPSS: Низкий
github логотип

GHSA-3q7p-8frq-qm6c

больше 3 лет назад

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges.

EPSS: Низкий
github логотип

GHSA-3q7m-vm36-hj4m

больше 3 лет назад

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3q7m-cr8v-q45g

почти 2 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through 2.0.8.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3q7m-4q8x-8gvg

почти 4 года назад

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

EPSS: Низкий
github логотип

GHSA-3q7m-2c53-555m

около 1 года назад

A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3q7h-hq7j-vcqg

почти 4 года назад

Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.

EPSS: Низкий
github логотип

GHSA-3q7g-rhcq-jgwp

больше 1 года назад

Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3q7f-w8fr-368v

больше 3 лет назад

Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3q7c-mxc6-45v4

почти 3 года назад

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3q79-wmhj-39pr

8 месяцев назад

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3q79-qjgh-rgjv

12 месяцев назад

Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3q79-gjf7-rwwf

больше 3 лет назад

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered (sandbox.register()) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effec...

CVSS3: 9.9
EPSS: Низкий
github логотип

GHSA-3q79-7347-5532

10 месяцев назад

Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3q78-4j93-p8qr

больше 1 года назад

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-3q77-f5cm-vr2m

около 1 года назад

Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.

CVSS3: 4.6
EPSS: Низкий
github логотип

GHSA-3q77-c23g-8p2h

больше 3 лет назад

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.

EPSS: Низкий
github логотип

GHSA-3q77-54x6-434x

больше 1 года назад

Secure Boot Security Feature Bypass Vulnerability

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-3q76-jq6m-573p

больше 2 лет назад

Archive_Tar contains Potential RCE if filename starts with phar://

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3q76-jpjg-96ff

почти 3 года назад

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3q7q-248p-fr45

SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3q7p-8frq-qm6c

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3q7m-vm36-hj4m

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q7m-cr8v-q45g

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through 2.0.8.

CVSS3: 7.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-3q7m-4q8x-8gvg

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3q7m-2c53-555m

A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.

CVSS3: 5.4
0%
Низкий
около 1 года назад
github логотип
GHSA-3q7h-hq7j-vcqg

Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3q7g-rhcq-jgwp

Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.

CVSS3: 6.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3q7f-w8fr-368v

Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q7c-mxc6-45v4

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.

CVSS3: 8.8
0%
Низкий
почти 3 года назад
github логотип
GHSA-3q79-wmhj-39pr

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS

CVSS3: 6.1
0%
Низкий
8 месяцев назад
github логотип
GHSA-3q79-qjgh-rgjv

Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.

CVSS3: 6.1
4%
Низкий
12 месяцев назад
github логотип
GHSA-3q79-gjf7-rwwf

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered (sandbox.register()) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effec...

CVSS3: 9.9
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3q79-7347-5532

Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.

CVSS3: 7.2
0%
Низкий
10 месяцев назад
github логотип
GHSA-3q78-4j93-p8qr

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.

CVSS3: 8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3q77-f5cm-vr2m

Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.

CVSS3: 4.6
0%
Низкий
около 1 года назад
github логотип
GHSA-3q77-c23g-8p2h

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q77-54x6-434x

Secure Boot Security Feature Bypass Vulnerability

CVSS3: 8
2%
Низкий
больше 1 года назад
github логотип
GHSA-3q76-jq6m-573p

Archive_Tar contains Potential RCE if filename starts with phar://

CVSS3: 8.8
29%
Средний
больше 2 лет назад
github логотип
GHSA-3q76-jpjg-96ff

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

CVSS3: 7.5
1%
Низкий
почти 3 года назад

Уязвимостей на страницу