exploitDog

source:"github"

Count: 312 689

Vulnerability | CVSS | EPSS | Published

GHSA-3cp6-5m44-6hcm

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.

CVSS3: 6.5
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3cp5-cfv6-4x6r

Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API.

CVSS3: 9.8
EPSS: 0% (Low)
Published: over 1 year ago

GHSA-3cp5-5cq5-76jp

In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.

CVSS3: 6.4
EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cp5-553c-2v9c

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.

CVSS3: 7.5
EPSS: 0% (Low)
Published: about 3 years ago

GHSA-3cp2-4fv4-fx43

Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3cmx-whgg-cr4j

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.

EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cmx-q8hq-64c3

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.

CVSS3: 6.1
EPSS: 0% (Low)
Published: 3 months ago

GHSA-3cmw-x7g9-558m

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities. This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function.

CVSS3: 7.5
EPSS: 0% (Low)
Published: over 1 year ago

GHSA-3cmw-hjwc-9rp2

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

EPSS: 83% (High)
Published: almost 4 years ago

GHSA-3cmv-p7jw-h3fg

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.

EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cmr-mvgm-pmfq

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.

CVSS3: 6.4
EPSS: 1% (Low)
Published: over 1 year ago

GHSA-3cmr-m8h4-f7xj

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.

CVSS3: 4.6
EPSS: 0% (Low)
Published: about 2 months ago

GHSA-3cmq-9cqr-3jc4

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 7.5
EPSS: 18% (Medium)
Published: almost 2 years ago

GHSA-3cmq-72j9-674j

In the Linux kernel, the following vulnerability has been resolved: seccomp: passthrough uretprobe systemcall without filtering When attaching uretprobes to processes running inside docker, the attached process is segfaulted when encountering the retprobe. The reason is that now that uretprobe is a system call the default seccomp filters in docker block it as they only allow a specific set of known syscalls. This is true for other userspace applications which use seccomp to control their syscall surface. Since uretprobe is a "kernel implementation detail" system call which is not used by userspace application code directly, it is impractical and there's very little point in forcing all userspace applications to explicitly allow it in order to avoid crashing tracked processes. Pass this systemcall through seccomp without depending on configuration. Note: uretprobe is currently only x86_64 and isn't expected to ever be supported in i386. [kees: minimized changes for easier back...

CVSS3: 5.5
EPSS: 0% (Low)
Published: 11 months ago

GHSA-3cmq-696r-cgp7

SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3cmq-42w4-c529

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

CVSS3: 7.5
EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cmp-fvxf-q58q

GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

CVSS3: 5.4
EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cmp-c3h3-9xgc

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

CVSS3: 5.1
EPSS: 0% (Low)
Published: over 3 years ago

GHSA-3cmp-6g7x-v2gr

A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3cmm-mg55-9jrh

SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.

EPSS: 0% (Low)
Published: almost 4 years ago