Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 212

Количество 314 212

github логотип

GHSA-3m66-pp93-mgcg

почти 4 года назад

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

EPSS: Низкий
github логотип

GHSA-3m66-g4vg-fpcq

больше 3 лет назад

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.

EPSS: Низкий
github логотип

GHSA-3m65-xvh4-3hm8

больше 1 года назад

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3m65-86mg-45wp

почти 3 года назад

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3m64-v24q-w9wr

больше 3 лет назад

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-3m64-mc9g-274w

больше 3 лет назад

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

EPSS: Высокий
github логотип

GHSA-3m64-79r5-56f2

около 1 года назад

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3m63-4rwc-c6p8

около 1 года назад

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3m5x-qv26-v6mr

больше 2 лет назад

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3m5x-89wr-x574

больше 3 лет назад

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

EPSS: Низкий
github логотип

GHSA-3m5v-mwj4-jp69

4 месяца назад

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible. Note: The required nonce for the vulnerability is in the CubeWP Framework plugin.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3m5v-crmw-qqfm

больше 3 лет назад

SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: Низкий
github логотип

GHSA-3m5r-wc67-jg8m

почти 4 года назад

Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.

EPSS: Низкий
github логотип

GHSA-3m5r-vf35-8v65

больше 3 лет назад

A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.

EPSS: Низкий
github логотип

GHSA-3m5q-q39v-xf8f

больше 2 лет назад

nocodb SQL Injection vulnerability

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3m5q-4mj3-9362

почти 4 года назад

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

EPSS: Низкий
github логотип

GHSA-3m5m-x34p-6vq4

больше 1 года назад

memory corruption when an invalid firehose patch command is invoked.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-3m5j-rg6q-w4gv

больше 2 лет назад

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3m5j-r9wr-wr68

больше 3 лет назад

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3m5j-q5c3-cr8m

почти 4 года назад

Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3m66-pp93-mgcg

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

9%
Низкий
почти 4 года назад
github логотип
GHSA-3m66-g4vg-fpcq

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3m65-xvh4-3hm8

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.

CVSS3: 7.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3m65-86mg-45wp

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.

CVSS3: 7.8
2%
Низкий
почти 3 года назад
github логотип
GHSA-3m64-v24q-w9wr

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.

CVSS3: 8
8%
Низкий
больше 3 лет назад
github логотип
GHSA-3m64-mc9g-274w

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

89%
Высокий
больше 3 лет назад
github логотип
GHSA-3m64-79r5-56f2

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS3: 7.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3m63-4rwc-c6p8

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 4.3
0%
Низкий
около 1 года назад
github логотип
GHSA-3m5x-qv26-v6mr

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS3: 6.5
7%
Низкий
больше 2 лет назад
github логотип
GHSA-3m5x-89wr-x574

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3m5v-mwj4-jp69

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible. Note: The required nonce for the vulnerability is in the CubeWP Framework plugin.

CVSS3: 8.8
0%
Низкий
4 месяца назад
github логотип
GHSA-3m5v-crmw-qqfm

SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3m5r-wc67-jg8m

Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.

5%
Низкий
почти 4 года назад
github логотип
GHSA-3m5r-vf35-8v65

A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3m5q-q39v-xf8f

nocodb SQL Injection vulnerability

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3m5q-4mj3-9362

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3m5m-x34p-6vq4

memory corruption when an invalid firehose patch command is invoked.

CVSS3: 6.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3m5j-rg6q-w4gv

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3m5j-r9wr-wr68

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.

CVSS3: 5.4
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3m5j-q5c3-cr8m

Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.

0%
Низкий
почти 4 года назад

Уязвимостей на страницу