Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3pmh-24wp-xpf4

около 2 месяцев назад

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3pmf-hv4c-6384

6 месяцев назад

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3pmf-5hr9-r9r6

12 месяцев назад

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pmc-r5wv-mxp3

больше 3 лет назад

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

EPSS: Низкий
github логотип

GHSA-3pm8-h8w8-chv6

больше 3 лет назад

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.

EPSS: Низкий
github логотип

GHSA-3pm6-mjgp-f4mr

больше 2 лет назад

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3pm5-qmcr-c546

больше 3 лет назад

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3pm5-9xjq-m3q6

почти 4 года назад

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

EPSS: Средний
github логотип

GHSA-3pm4-p625-gqmh

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.

EPSS: Низкий
github логотип

GHSA-3pm4-j65g-c8hx

12 месяцев назад

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3pm4-hp5q-g8qj

больше 3 лет назад

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.

EPSS: Низкий
github логотип

GHSA-3pm4-f769-q6pg

больше 3 лет назад

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

EPSS: Низкий
github логотип

GHSA-3pm4-9c7g-c576

почти 2 года назад

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3pm3-vpvc-2wpp

почти 3 года назад

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

CVSS3: 9.8
EPSS: Критический
github логотип

GHSA-3pm3-qxfx-hhfp

больше 3 лет назад

The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pm3-j3ch-958q

больше 3 лет назад

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pjx-73rp-9mcr

больше 3 лет назад

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."

EPSS: Низкий
github логотип

GHSA-3pjx-2q2j-9q65

почти 2 года назад

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3pjw-h9v6-f5x8

больше 3 лет назад

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pjv-vr3x-68m5

больше 3 лет назад

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CVSS3: 9.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3pmh-24wp-xpf4

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

CVSS3: 4.3
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3pmf-hv4c-6384

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS3: 4.3
0%
Низкий
6 месяцев назад
github логотип
GHSA-3pmf-5hr9-r9r6

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.

CVSS3: 7.5
0%
Низкий
12 месяцев назад
github логотип
GHSA-3pmc-r5wv-mxp3

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm8-h8w8-chv6

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm6-mjgp-f4mr

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.

CVSS3: 7.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3pm5-qmcr-c546

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm5-9xjq-m3q6

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

31%
Средний
почти 4 года назад
github логотип
GHSA-3pm4-p625-gqmh

Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.

5%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm4-j65g-c8hx

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS3: 4.8
0%
Низкий
12 месяцев назад
github логотип
GHSA-3pm4-hp5q-g8qj

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm4-f769-q6pg

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm4-9c7g-c576

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.

CVSS3: 6.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-3pm3-vpvc-2wpp

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

CVSS3: 9.8
93%
Критический
почти 3 года назад
github логотип
GHSA-3pm3-qxfx-hhfp

The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pm3-j3ch-958q

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pjx-73rp-9mcr

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pjx-2q2j-9q65

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.

CVSS3: 9.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-3pjw-h9v6-f5x8

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

CVSS3: 8.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3pjv-vr3x-68m5

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CVSS3: 9.3
0%
Низкий
больше 3 лет назад

Уязвимостей на страницу