exploitDog

source:"github"

Count: 314 458

Vulnerability
CVSS
EPSS
Published

GHSA-3ghq-3f49-fr98

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux.

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3ghp-2qxv-j2hr

Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3ghj-wv9w-7vp9

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

CVSS3: 9.8
EPSS: 22% (Medium)
Published: about 2 years ago

GHSA-3ghj-f9w6-vh8h

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3ghh-rm9h-rjcv

Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.

EPSS: 23% (Medium)
Published: almost 4 years ago

GHSA-3ghh-mq29-47m6

Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3ghh-4p87-43pm

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.

CVSS3: 4.9
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3ghg-3787-w2xr

Spree API has Unauthenticated IDOR - Guest Address

CVSS3: 7.5
EPSS: 0% (Low)
Published: about 1 month ago

GHSA-3ghf-mqfr-9xvw

A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226272.

CVSS3: 6.3
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3ghf-f72w-2g9p

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request

EPSS: 26% (Medium)
Published: almost 4 years ago

GHSA-3ghf-chw5-4mxm

The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3ghc-cw76-h292

Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3: 8.8
EPSS: 3% (Low)
Published: more than 3 years ago

GHSA-3ghc-2486-hrxh

In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd.

CVSS3: 4.7
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-3gh8-3438-mqwv

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.

CVSS3: 9.8
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3gh7-q58j-c4hg

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-3109.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3gh7-m3jw-66v6

Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3gh7-cv65-5fg2

PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 2% (Low)
Published: almost 4 years ago

GHSA-3gh7-cjxx-xcjw

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS3: 5.4
EPSS: 0% (Low)
Published: about 2 months ago

GHSA-3gh7-9gp9-47r9

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 3.5
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3gh6-v5v9-6v9j

Jetty vulnerable to errant command quoting in CGI Servlet

CVSS3: 3.5
EPSS: 1% (Low)
Published: more than 2 years ago