exploitDog

source:"github"

Count: 312 573

GHSA-3f9c-9c8w-rrr6

more than 3 years ago

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

CVSS3: 9.8
EPSS: Low

GHSA-3f99-xvp7-g4c7

more than 3 years ago

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

CVSS3: 6.5
EPSS: Low

GHSA-3f99-rhv8-qg8h

more than 3 years ago

The Web Browser & Explorer (aka com.explore.web.browser) application 2.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Low

GHSA-3f99-hvg4-qjwj

more than 4 years ago

Insecure random number generation in keypair

CVSS3: 8.7
EPSS: Low

GHSA-3f98-v8mx-8cr7

almost 4 years ago

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

EPSS: Low

GHSA-3f98-9h78-w5jh

more than 3 years ago

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

CVSS3: 7.5
EPSS: Low

GHSA-3f97-rj68-2pjf

more than 5 years ago

Malicious Package in buffe2-xor

CVSS3: 9.8
EPSS: Low

GHSA-3f97-7pgv-gmgr

more than 3 years ago

Magento affected by a business logic error in the placeOrder graphql mutation

CVSS3: 6.5
EPSS: Low

GHSA-3f96-f7jm-vmvm

more than 3 years ago

The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.

EPSS: Low

GHSA-3f95-w5h5-fq86

more than 5 years ago

Prototype Pollution in mergify

EPSS: Low

GHSA-3f95-r44v-8mrg

almost 4 years ago

Command injection in simple-git

CVSS3: 8.1
EPSS: Low

GHSA-3f95-mxq2-2f63

almost 2 years ago

Gradio Local File Inclusion vulnerability

CVSS3: 7.5
EPSS: High

GHSA-3f95-hm4q-h8pq

almost 4 years ago

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

EPSS: Medium

GHSA-3f95-cpcf-8h94

more than 3 years ago

SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.

EPSS: Low

GHSA-3f95-9gfm-mcx4

more than 3 years ago

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

CVSS3: 6.5
EPSS: Low

GHSA-3f94-qwfc-p8gc

almost 4 years ago

Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.

EPSS: Medium

GHSA-3f94-mp5w-652q

more than 3 years ago

Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).

EPSS: Low

GHSA-3f94-44jv-m2pq

more than 3 years ago

Mailcwp remote file upload vulnerability incomplete fix v1.100

CVSS3: 9.8
EPSS: Medium

GHSA-3f93-cwjr-ppr2

more than 3 years ago

Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

EPSS: Low

GHSA-3f93-cvr2-mcrh

2 months ago

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.

CVSS3: 7.8
EPSS: Low

Vulnerability
CVSS
EPSS
Published
GHSA-3f9c-9c8w-rrr6

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

CVSS3: 9.8
0%
Low
more than 3 years ago
GHSA-3f99-xvp7-g4c7

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

CVSS3: 6.5
1%
Low
more than 3 years ago
GHSA-3f99-rhv8-qg8h

The Web Browser & Explorer (aka com.explore.web.browser) application 2.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0%
Low
more than 3 years ago
GHSA-3f99-hvg4-qjwj

Insecure random number generation in keypair

CVSS3: 8.7
0%
Low
more than 4 years ago
GHSA-3f98-v8mx-8cr7

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

7%
Low
almost 4 years ago
GHSA-3f98-9h78-w5jh

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

CVSS3: 7.5
1%
Low
more than 3 years ago
GHSA-3f97-rj68-2pjf

Malicious Package in buffe2-xor

CVSS3: 9.8
more than 5 years ago
GHSA-3f97-7pgv-gmgr

Magento affected by a business logic error in the placeOrder graphql mutation

CVSS3: 6.5
1%
Low
more than 3 years ago
GHSA-3f96-f7jm-vmvm

The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.

0%
Low
more than 3 years ago
GHSA-3f95-w5h5-fq86

Prototype Pollution in mergify

more than 5 years ago
GHSA-3f95-r44v-8mrg

Command injection in simple-git

CVSS3: 8.1
1%
Low
almost 4 years ago
GHSA-3f95-mxq2-2f63

Gradio Local File Inclusion vulnerability

CVSS3: 7.5
82%
High
almost 2 years ago
GHSA-3f95-hm4q-h8pq

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

31%
Medium
almost 4 years ago
GHSA-3f95-cpcf-8h94

SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.

1%
Low
more than 3 years ago
GHSA-3f95-9gfm-mcx4

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

CVSS3: 6.5
1%
Low
more than 3 years ago
GHSA-3f94-qwfc-p8gc

Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.

22%
Medium
almost 4 years ago
GHSA-3f94-mp5w-652q

Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).

0%
Low
more than 3 years ago
GHSA-3f94-44jv-m2pq

Mailcwp remote file upload vulnerability incomplete fix v1.100

CVSS3: 9.8
16%
Medium
more than 3 years ago
GHSA-3f93-cwjr-ppr2

Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

1%
Low
more than 3 years ago
GHSA-3f93-cvr2-mcrh

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.

CVSS3: 7.8
0%
Low
2 months ago