Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3pvr-773m-5pcf

почти 4 года назад

Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.

EPSS: Низкий
github логотип

GHSA-3pvr-6w33-f6vc

больше 3 лет назад

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

EPSS: Низкий
github логотип

GHSA-3pvr-5fcv-fj5r

больше 3 лет назад

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pvq-p4gr-34c3

почти 4 года назад

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

EPSS: Средний
github логотип

GHSA-3pvq-6579-r4pj

около 3 лет назад

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.

CVSS3: 9.9
EPSS: Низкий
github логотип

GHSA-3pvp-q92h-992c

больше 3 лет назад

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pvm-rcw8-28wj

больше 3 лет назад

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

EPSS: Низкий
github логотип

GHSA-3pvm-hf79-jr5w

больше 3 лет назад

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3pvm-h88r-3692

больше 3 лет назад

cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pvj-q7qj-89fg

7 месяцев назад

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

CVSS3: 5
EPSS: Низкий
github логотип

GHSA-3pvj-gf5m-rhhf

около 1 года назад

MapUrlToZone Security Feature Bypass Vulnerability

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3pvh-h2xv-4jw7

почти 2 года назад

PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. Crafted data in a PNG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18663.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pvh-8v83-x7v2

больше 3 лет назад

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pvh-4h3w-f294

больше 3 лет назад

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3pvh-38hr-8x7c

больше 3 лет назад

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker w...

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pvg-8h3w-fc9m

больше 3 лет назад

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

EPSS: Низкий
github логотип

GHSA-3pvf-vxc3-wr36

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-3pvf-9jm4-6vxf

около 2 лет назад

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3pvf-92c7-q7p5

больше 1 года назад

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3pvf-8762-r99w

почти 4 года назад

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3pvr-773m-5pcf

Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.

4%
Низкий
почти 4 года назад
github логотип
GHSA-3pvr-6w33-f6vc

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvr-5fcv-fj5r

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvq-p4gr-34c3

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

11%
Средний
почти 4 года назад
github логотип
GHSA-3pvq-6579-r4pj

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.

CVSS3: 9.9
0%
Низкий
около 3 лет назад
github логотип
GHSA-3pvp-q92h-992c

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvm-rcw8-28wj

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvm-hf79-jr5w

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvm-h88r-3692

cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvj-q7qj-89fg

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

CVSS3: 5
0%
Низкий
7 месяцев назад
github логотип
GHSA-3pvj-gf5m-rhhf

MapUrlToZone Security Feature Bypass Vulnerability

CVSS3: 4.3
0%
Низкий
около 1 года назад
github логотип
GHSA-3pvh-h2xv-4jw7

PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. Crafted data in a PNG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18663.

CVSS3: 7.8
3%
Низкий
почти 2 года назад
github логотип
GHSA-3pvh-8v83-x7v2

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvh-4h3w-f294

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvh-38hr-8x7c

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker w...

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvg-8h3w-fc9m

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvf-vxc3-wr36

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pvf-9jm4-6vxf

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS3: 5.3
0%
Низкий
около 2 лет назад
github логотип
GHSA-3pvf-92c7-q7p5

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVSS3: 5.5
3%
Низкий
больше 1 года назад
github логотип
GHSA-3pvf-8762-r99w

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."

1%
Низкий
почти 4 года назад

Уязвимостей на страницу