
exploitDog

source:"github"

Count: 312 573

Vulnerability | CVSS | EPSS | Published

GHSA-3gp3-gf57-5q6x

The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
EPSS: 1% (Low)
Published: about 1 year ago

GHSA-3gp2-q8q7-chf9

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.

CVSS3: 5.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gp2-fxr9-ph7v

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmx-64g9-pc2q

Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3gmx-3pqv-qcgj

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmw-m22w-rmhw

Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."

EPSS: 52% (Medium)
Published: almost 4 years ago

GHSA-3gmw-94gw-rjrr

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmv-r52p-22c8

TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmv-cppr-wxpg

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CVSS3: 7.8
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3gmr-wv4w-9w4q

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.

CVSS3: 8.8
EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-3gmr-q2mv-97r5

clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3gmq-p7p4-9w39

Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3gmq-723w-c34c

SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmp-5h5f-57v9

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3gmp-3578-r3cq

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.

EPSS: 55% (Medium)
Published: more than 3 years ago

GHSA-3gmm-234w-hj94

The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.

CVSS3: 7
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3gmh-m5h5-5234

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

CVSS3: 5.3
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3gmg-v9xp-m3jg

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

CVSS3: 6.5
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-3gmg-v746-gxcr

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3gmg-r977-hqcc

Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change.

CVSS3: 4.9
EPSS: 0% (Low)
Published: about 1 year ago