exploitDog

source:"github"

Count: 314 529

GHSA-3jq6-fx9w-pjqj

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection.

EPSS: 23% (Medium)
Published: almost 4 years ago

GHSA-3jq5-h4jx-qrg6

A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.

CVSS3: 8.8
EPSS: 2% (Low)
Published: more than 2 years ago

GHSA-3jq5-fgc4-p983

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via unknown vectors related to Monitoring and Diagnostics.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3jq5-7792-2mq3

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: <= 7.2.0.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-3jq4-6p6j-xq72

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3jq4-4cch-48hx

ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.

CVSS3: 7.6
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3jq3-gh97-4gcf

SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3jq2-28xq-wmh4

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.

CVSS3: 6.5
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3jpx-qjj5-5p7v

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3jpx-q28p-5w5v

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3jpx-33f8-9xxc

Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3jpw-p5mr-c3q9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3jpv-xhvh-4638

Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3jpv-v5qf-r957

Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3jpv-h4fh-v8h9

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS3: 6.5
EPSS: 0% (Low)
Published: 9 months ago

GHSA-3jpv-997g-jw9h

Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3jpr-9ppp-96gp

cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

EPSS: 5% (Low)
Published: almost 4 years ago

GHSA-3jpq-2j9m-x6ww

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

EPSS: 24% (Medium)
Published: almost 4 years ago

GHSA-3jpp-jwvr-524v

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3jpj-5qjm-m8r4

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.

CVSS3: 6.5
EPSS: 1% (Low)
Published: more than 3 years ago