exploitDog

Search query: source:"github"

Results: 312 573

| Vulnerability | Description | CVSS3 | EPSS | Published |
|---|---|---|---|---|
| GHSA-3j44-xcrg-v77q | SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | n/a | 1% (Low) | almost 4 years ago |
| GHSA-3j44-rhhg-r43v | The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 5.4 | 0% (Low) | about 1 year ago |
| GHSA-3j43-xpjr-wv7j | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | 7.8 | 0% (Low) | over 3 years ago |
| GHSA-3j43-whpc-237r | The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | n/a | 3% (Low) | over 3 years ago |
| GHSA-3j43-9v8v-cp3f | Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing | 7.5 | 0% (Low) | 10 months ago |
| GHSA-3j43-3g85-j77v | A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. | n/a | 1% (Low) | over 3 years ago |
| GHSA-3j3x-vgx3-q5cg | An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. | 9.8 | 0% (Low) | over 3 years ago |
| GHSA-3j3x-mwxq-3rh3 | sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. | n/a | 0% (Low) | almost 4 years ago |
| GHSA-3j3x-mggm-xh6q | Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. | 5.5 | 0% (Low) | over 3 years ago |
| GHSA-3j3x-f853-j95p | A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628. | 9.8 | 1% (Low) | about 3 years ago |
| GHSA-3j3w-w8v5-3rch | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable. | 7.8 | 0% (Low) | over 3 years ago |
| GHSA-3j3v-7f8f-v2xp | Jenkins Aqua Security Scanner Plugin stores credentials in plain text | 3.3 | 0% (Low) | over 3 years ago |
| GHSA-3j3r-8qhc-763h | A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | 7.5 | 0% (Low) | over 1 year ago |
| GHSA-3j3r-3g82-m9xh | Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. | n/a | 19% (Medium) | almost 4 years ago |
| GHSA-3j3p-jmq2-47r9 | An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | 9.8 | 18% (Medium) | over 3 years ago |
| GHSA-3j3p-9qrf-3242 | messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | n/a | 0% (Low) | over 3 years ago |
| GHSA-3j3m-xc65-2xvg | The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content. | 5.3 | 0% (Low) | about 2 years ago |
| GHSA-3j3m-66xm-qv3v | A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability. | 6.3 | 0% (Low) | over 1 year ago |
| GHSA-3j3m-56xj-93qf | Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter. | n/a | 5% (Low) | over 3 years ago |
| GHSA-3j3j-cj56-29p8 | ** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever." | 7.8 | 0% (Low) | over 3 years ago |