exploitDog

source:"github"

Count: 314 458

Vulnerability | CVSS | EPSS | Published

GHSA-3j33-hfwp-pgr4

Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1.

CVSS3: 5.3
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3j2x-7h4w-pgjq

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.

CVSS3: 3.3
EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3j2x-69wr-xw23

Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-3j2v-wgmf-j8hj

Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.

EPSS: 10% (Low)
Published: almost 4 years ago

GHSA-3j2r-4m5c-xw29

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.

CVSS3: 7.5
EPSS: 0% (Low)
Published: 7 months ago

GHSA-3j2q-q8wr-v983

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through 10.2.1.

CVSS3: 5.9
EPSS: 0% (Low)
Published: 10 months ago

GHSA-3j2q-9frp-w63j

Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."

EPSS: 44% (Medium)
Published: more than 3 years ago

GHSA-3j2q-69v3-29gw

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3j2q-3qf9-5m6x

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability.

CVSS3: 7.3
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3j2p-fcwj-8pcw

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3j2m-c7pf-qmrp

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.

CVSS3: 7.1
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3j2m-32hq-9hp8

An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.

CVSS3: 5.5
EPSS: 0% (Low)
Published: about 4 years ago

GHSA-3j2j-j29v-24gh

Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3j2h-mvc8-98cc

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".

CVSS3: 9.1
EPSS: 1% (Low)
Published: more than 1 year ago

GHSA-3j2h-mfvw-w96c

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3j2h-fq3g-cjhp

Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3j2f-58rq-g6p7

Sureness uses hardcoded key

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-3j2c-999x-65vh

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3j2c-8pr2-w8qp

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.

CVSS3: 7.8
EPSS: 0% (Low)
Published: 24 days ago

GHSA-3j29-mf87-fv7c

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.

CVSS3: 4.7
EPSS: 0% (Low)
Published: more than 3 years ago