Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3mrg-xv6v-4r9j

больше 3 лет назад

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

EPSS: Средний
github логотип

GHSA-3mrg-mh24-hx37

почти 2 года назад

Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3mrf-mhch-542p

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

EPSS: Средний
github логотип

GHSA-3mrf-6r8f-wh4j

почти 4 года назад

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3mrc-6j78-v932

почти 3 года назад

A vulnerability, which was classified as problematic, has been found in Jianming Antivirus 16.2.2022.418. Affected by this issue is some unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mr8-x6wp-2wc6

3 месяца назад

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.  We recommend all Web Help Desk customers apply the patch, which is now available.  We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3mr8-9w83-x659

больше 3 лет назад

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3mr8-75r8-g586

около 1 месяца назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through <= 2.5.0.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3mr8-6hjm-446f

больше 3 лет назад

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.

EPSS: Низкий
github логотип

GHSA-3mr7-v482-7rj9

11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix null pointer dereference of pointer perfmon In the unlikely event that pointer perfmon is null the WARN_ON return path occurs after the pointer has already been deferenced. Fix this by only dereferencing perfmon after it has been null checked.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mr5-fmfr-f954

больше 3 лет назад

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3mr3-hmmq-cq24

8 месяцев назад

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3mr3-f7hf-395x

больше 1 года назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-3mr3-3p23-6j2j

почти 4 года назад

Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.

EPSS: Средний
github логотип

GHSA-3mr2-8x9w-g877

больше 3 лет назад

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

EPSS: Низкий
github логотип

GHSA-3mqx-wvrm-6827

больше 3 лет назад

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

EPSS: Низкий
github логотип

GHSA-3mqx-q3cf-pfj3

больше 3 лет назад

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mqx-hc7r-v3c4

больше 3 лет назад

An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.

CVSS3: 6.2
EPSS: Низкий
github логотип

GHSA-3mqx-ggcf-qxwg

около 2 лет назад

An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mqx-4h5c-2wjr

больше 1 года назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10.

CVSS3: 5.9
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3mrg-xv6v-4r9j

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

13%
Средний
больше 3 лет назад
github логотип
GHSA-3mrg-mh24-hx37

Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.

CVSS3: 4.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-3mrf-mhch-542p

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

14%
Средний
больше 3 лет назад
github логотип
GHSA-3mrf-6r8f-wh4j

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.

CVSS3: 8.8
2%
Низкий
почти 4 года назад
github логотип
GHSA-3mrc-6j78-v932

A vulnerability, which was classified as problematic, has been found in Jianming Antivirus 16.2.2022.418. Affected by this issue is some unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.

CVSS3: 5.5
0%
Низкий
почти 3 года назад
github логотип
GHSA-3mr8-x6wp-2wc6

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.  We recommend all Web Help Desk customers apply the patch, which is now available.  We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS3: 9.8
5%
Низкий
3 месяца назад
github логотип
GHSA-3mr8-9w83-x659

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .

CVSS3: 8.8
10%
Средний
больше 3 лет назад
github логотип
GHSA-3mr8-75r8-g586

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through <= 2.5.0.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
github логотип
GHSA-3mr8-6hjm-446f

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mr7-v482-7rj9

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix null pointer dereference of pointer perfmon In the unlikely event that pointer perfmon is null the WARN_ON return path occurs after the pointer has already been deferenced. Fix this by only dereferencing perfmon after it has been null checked.

CVSS3: 5.5
0%
Низкий
11 месяцев назад
github логотип
GHSA-3mr5-fmfr-f954

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mr3-hmmq-cq24

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
0%
Низкий
8 месяцев назад
github логотип
GHSA-3mr3-f7hf-395x

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

CVSS3: 4.9
1%
Низкий
больше 1 года назад
github логотип
GHSA-3mr3-3p23-6j2j

Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.

21%
Средний
почти 4 года назад
github логотип
GHSA-3mr2-8x9w-g877

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mqx-wvrm-6827

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

3%
Низкий
больше 3 лет назад
github логотип
GHSA-3mqx-q3cf-pfj3

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mqx-hc7r-v3c4

An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.

CVSS3: 6.2
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3mqx-ggcf-qxwg

An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVSS3: 7.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-3mqx-4h5c-2wjr

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10.

CVSS3: 5.9
0%
Низкий
больше 1 года назад

Уязвимостей на страницу