Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3grj-f27w-vx6x

больше 3 лет назад

Prospecta Master Data Online (MDO) allows CSRF.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3grj-6wj3-qgc3

больше 3 лет назад

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3grh-xhcf-mgx4

больше 3 лет назад

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

EPSS: Низкий
github логотип

GHSA-3grg-fvvv-2qrm

9 месяцев назад

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

CVSS3: 8.3
EPSS: Низкий
github логотип

GHSA-3grg-4gwx-fp3c

больше 2 лет назад

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-3grc-fgh6-g5gp

больше 7 лет назад

Directory Traversal in http_static_simple

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3grc-cj2m-fpc6

9 месяцев назад

Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3gr9-x3xp-765c

больше 3 лет назад

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

EPSS: Низкий
github логотип

GHSA-3gr9-x3j4-6cvh

больше 3 лет назад

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gr8-wv6w-r2h8

больше 3 лет назад

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3gr8-qjqc-www6

больше 2 лет назад

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3gr8-4rjx-crp8

около 1 года назад

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3gr7-wwrx-664v

больше 1 года назад

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3gr6-26j4-g5xq

почти 2 года назад

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20086.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3gr5-qjr2-qff6

больше 3 лет назад

Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3gr5-mvfp-p295

больше 3 лет назад

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3gr4-8q4g-6f4q

12 месяцев назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4.

CVSS3: 8.5
EPSS: Низкий
github логотип

GHSA-3gr3-rr4m-976p

около 1 года назад

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gr3-h64r-fqg7

больше 3 лет назад

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

EPSS: Средний
github логотип

GHSA-3gr3-g4vv-xf2r

больше 3 лет назад

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3grj-f27w-vx6x

Prospecta Master Data Online (MDO) allows CSRF.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3grj-6wj3-qgc3

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.

CVSS3: 9.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3grh-xhcf-mgx4

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3grg-fvvv-2qrm

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

CVSS3: 8.3
0%
Низкий
9 месяцев назад
github логотип
GHSA-3grg-4gwx-fp3c

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS3: 6.7
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3grc-fgh6-g5gp

Directory Traversal in http_static_simple

CVSS3: 7.5
1%
Низкий
больше 7 лет назад
github логотип
GHSA-3grc-cj2m-fpc6

Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.

CVSS3: 9.8
0%
Низкий
9 месяцев назад
github логотип
GHSA-3gr9-x3xp-765c

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-3gr9-x3j4-6cvh

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS3: 7.8
4%
Низкий
больше 3 лет назад
github логотип
GHSA-3gr8-wv6w-r2h8

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3gr8-qjqc-www6

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3gr8-4rjx-crp8

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

CVSS3: 7.2
0%
Низкий
около 1 года назад
github логотип
GHSA-3gr7-wwrx-664v

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

CVSS3: 7.5
4%
Низкий
больше 1 года назад
github логотип
GHSA-3gr6-26j4-g5xq

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20086.

CVSS3: 8.8
2%
Низкий
почти 2 года назад
github логотип
GHSA-3gr5-qjr2-qff6

Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS3: 7.2
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gr5-mvfp-p295

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3gr4-8q4g-6f4q

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4.

CVSS3: 8.5
0%
Низкий
12 месяцев назад
github логотип
GHSA-3gr3-rr4m-976p

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

CVSS3: 7.8
0%
Низкий
около 1 года назад
github логотип
GHSA-3gr3-h64r-fqg7

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

45%
Средний
больше 3 лет назад
github логотип
GHSA-3gr3-g4vv-xf2r

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3: 8.8
2%
Низкий
больше 3 лет назад

Уязвимостей на страницу