exploitDog

source:"github"

Count: 314 458

Vulnerability | CVSS | EPSS | Published

GHSA-3mv4-6x34-qw3c

A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3mv4-59rc-qvqm

WordPress before 5.2.3 allows XSS in post previews by authenticated users.

CVSS3: 5.4
EPSS: 4% (Low)
Published: more than 3 years ago

GHSA-3mv3-2f4g-87xm

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.

CVSS3: 7.8
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3mrx-hx45-5865

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS3: 6.8
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3mrx-5p8g-6q5j

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot.

CVSS3: 9.8
EPSS: 47% (Medium)
Published: more than 3 years ago

GHSA-3mrx-4wfm-g48p

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

CVSS3: 6.5
EPSS: 21% (Medium)
Published: almost 3 years ago

GHSA-3mrv-v95f-r4rx

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.

CVSS3: 6.5
EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3mrv-3jj9-w487

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3mrr-qqw5-mqj9

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3mrr-pqw6-73rq

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3mrr-p6xc-ff4f

Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS. This issue affects EmailShroud: from n/a through 2.2.1.

CVSS3: 7.1
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3mrr-j3vc-rx62

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.

EPSS: 9% (Low)
Published: almost 4 years ago

GHSA-3mrr-cw9q-727m

Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page

CVSS3: 6.1
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3mrr-8phg-3qw7

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.

EPSS: 41% (Medium)
Published: more than 3 years ago

GHSA-3mrp-wph9-cw58

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.

CVSS3: 8.3
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3mrp-qhcj-mwv5

Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

CVSS3: 3.5
Published: more than 3 years ago

GHSA-3mrp-3hmp-9cg3

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.

EPSS: 5% (Low)
Published: more than 3 years ago

GHSA-3mrm-rr7c-34fm

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a specific diagnostic test command at the CLI. An exploit could allow the attacker to overwrite system memory locations, which could have a negative impact on the stability of the device. Cisco Bug IDs: CSCvf71150.

CVSS3: 6.7
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3mrj-9cq7-57cc

move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

EPSS: 7% (Low)
Published: almost 4 years ago

GHSA-3mrh-hhw4-729x

Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.

EPSS: 0% (Low)
Published: almost 4 years ago
