exploitDog

source:"github"

Count: 312 573


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3jpq-2j9m-x6ww: Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request. | | 24% (Medium) | almost 4 years ago |
| GHSA-3jpp-jwvr-524v: Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. | | 1% (Low) | more than 3 years ago |
| GHSA-3jpj-5qjm-m8r4: Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. | CVSS3: 6.5 | 1% (Low) | more than 3 years ago |
| GHSA-3jph-mf5x-3hp7: Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS3: 6.1 | 0% (Low) | more than 3 years ago |
| GHSA-3jph-fh2f-xg46: Rejected reason: Not used | | Low | 4 months ago |
| GHSA-3jph-25vj-7g8w: SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters. | | 1% (Low) | almost 4 years ago |
| GHSA-3jpg-j7r7-3wm6: Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. | | 0% (Low) | almost 4 years ago |
| GHSA-3jpf-c526-5cw2: AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | CVSS3: 6.1 | 0% (Low) | almost 3 years ago |
| GHSA-3jpf-3f2w-hm6f: The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 5.4 | 0% (Low) | 7 months ago |
| GHSA-3jpc-cj42-xvx2: A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | CVSS3: 7.3 | 0% (Low) | 3 months ago |
| GHSA-3jpc-c4hr-jcph: Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals. | | 0% (Low) | more than 3 years ago |
| GHSA-3jpc-997v-x927: A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. | CVSS3: 6.5 | 1% (Low) | more than 3 years ago |
| GHSA-3jp8-9qj5-8cv3: The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack | CVSS3: 5.4 | 0% (Low) | about 3 years ago |
| GHSA-3jp7-w958-xwmc: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS. This issue affects Bravada: from n/a through 1.1.2. | CVSS3: 6.5 | 0% (Low) | more than 1 year ago |
| GHSA-3jp7-w7p7-xq57: Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | CVSS3: 9.8 | 1% (Low) | almost 4 years ago |
| GHSA-3jp7-754v-mg2q: In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. | CVSS3: 6.4 | 0% (Low) | about 3 years ago |
| GHSA-3jp6-x76c-r4fv: A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability. | CVSS3: 7.8 | 0% (Low) | more than 3 years ago |
| GHSA-3jp6-q9cg-rvgj: Missing permission check in Jenkins build-publisher Plugin | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| GHSA-3jp5-5f8r-q2wg: Vuetify has a Prototype Pollution vulnerability | CVSS3: 8.6 | 0% (Low) | about 2 months ago |
| GHSA-3jp4-jf35-6mq4: IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315. | | 0% (Low) | more than 3 years ago |
