Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3gmp-5h5f-57v9

больше 3 лет назад

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

EPSS: Низкий
github логотип

GHSA-3gmp-3578-r3cq

больше 3 лет назад

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.

EPSS: Средний
github логотип

GHSA-3gmm-234w-hj94

больше 3 лет назад

The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-3gmh-m5h5-5234

больше 3 лет назад

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3gmg-v9xp-m3jg

больше 2 лет назад

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3gmg-v746-gxcr

больше 3 лет назад

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

EPSS: Низкий
github логотип

GHSA-3gmg-r977-hqcc

около 1 года назад

Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change.

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-3gmg-2p2p-x5wp

почти 4 года назад

Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.

EPSS: Низкий
github логотип

GHSA-3gmf-fq2f-gwph

около 1 года назад

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3gmf-fmhc-5qv9

почти 4 года назад

The tubepress plugin before 1.6.5 for WordPress has XSS.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3gmf-2qwv-jgjx

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.

EPSS: Низкий
github логотип

GHSA-3gmf-2m92-wrxq

3 дня назад

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3gm9-q84v-wvvw

почти 3 года назад

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gm9-hwp2-84jv

больше 3 лет назад

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189.

EPSS: Средний
github логотип

GHSA-3gm9-977v-wxgv

больше 3 лет назад

IrfanView version 4.44 (32bit) has a "Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3" issue, which might allow attackers to execute arbitrary code via a crafted file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gm8-9xxm-pmhh

больше 3 лет назад

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3gm8-32vv-q8mp

больше 3 лет назад

Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter

EPSS: Низкий
github логотип

GHSA-3gm8-2237-qv79

больше 3 лет назад

CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3gm7-x7gh-qcvp

почти 2 года назад

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-3gm7-v7vw-866c

больше 6 лет назад

XML External Entity (XXE) Injection in Apache Solr

CVSS3: 7.2
EPSS: Критический

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3gmp-5h5f-57v9

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gmp-3578-r3cq

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.

55%
Средний
больше 3 лет назад
github логотип
GHSA-3gmm-234w-hj94

The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.

CVSS3: 7
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3gmh-m5h5-5234

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

CVSS3: 5.3
3%
Низкий
больше 3 лет назад
github логотип
GHSA-3gmg-v9xp-m3jg

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3gmg-v746-gxcr

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3gmg-r977-hqcc

Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change.

CVSS3: 4.9
0%
Низкий
около 1 года назад
github логотип
GHSA-3gmg-2p2p-x5wp

Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3gmf-fq2f-gwph

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier.

CVSS3: 7.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3gmf-fmhc-5qv9

The tubepress plugin before 1.6.5 for WordPress has XSS.

CVSS3: 6.1
0%
Низкий
почти 4 года назад
github логотип
GHSA-3gmf-2qwv-jgjx

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gmf-2m92-wrxq

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.

CVSS3: 5.3
0%
Низкий
3 дня назад
github логотип
GHSA-3gm9-q84v-wvvw

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
3%
Низкий
почти 3 года назад
github логотип
GHSA-3gm9-hwp2-84jv

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189.

25%
Средний
больше 3 лет назад
github логотип
GHSA-3gm9-977v-wxgv

IrfanView version 4.44 (32bit) has a "Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3" issue, which might allow attackers to execute arbitrary code via a crafted file.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gm8-9xxm-pmhh

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gm8-32vv-q8mp

Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gm8-2237-qv79

CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gm7-x7gh-qcvp

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
почти 2 года назад
github логотип
GHSA-3gm7-v7vw-866c

XML External Entity (XXE) Injection in Apache Solr

CVSS3: 7.2
93%
Критический
больше 6 лет назад

Уязвимостей на страницу