Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3c7r-cq4g-xq6v

почти 4 года назад

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.

EPSS: Низкий
github логотип

GHSA-3c7q-vpq8-rccq

больше 3 лет назад

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

EPSS: Низкий
github логотип

GHSA-3c7q-4gwj-vc33

почти 4 года назад

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.

EPSS: Низкий
github логотип

GHSA-3c7p-vv5r-cmr5

почти 4 года назад

Incorrect Authorization in Apache Solr

CVSS3: 9.8
EPSS: Высокий
github логотип

GHSA-3c7p-pp83-vmm8

больше 3 лет назад

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

EPSS: Низкий
github логотип

GHSA-3c7p-7jhh-gw98

больше 3 лет назад

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3c7h-926p-7f94

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the send queue

EPSS: Низкий
github логотип

GHSA-3c7g-p9jx-8cgm

больше 3 лет назад

GeniXCMS Cross-site Scripting (XSS) via the Menu ID field

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3c7g-8x9w-wjqp

больше 3 лет назад

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

EPSS: Низкий
github логотип

GHSA-3c7g-7r78-c425

больше 1 года назад

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3c7g-3984-748r

почти 4 года назад

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

EPSS: Высокий
github логотип

GHSA-3c7c-p4m9-gwhc

почти 3 года назад

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3c7c-8hj4-v9qh

больше 1 года назад

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.

EPSS: Низкий
github логотип

GHSA-3c7c-8h8f-3p6v

больше 3 лет назад

Use After Free in GitHub repository vim/vim prior to 8.2.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3c79-rgf5-v4gg

почти 4 года назад

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

EPSS: Средний
github логотип

GHSA-3c78-wrg5-fqxr

больше 1 года назад

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVSS3: 6.6
EPSS: Низкий
github логотип

GHSA-3c78-m682-8wp9

больше 3 лет назад

ChakraCore RCE Vulnerability

CVSS3: 7.5
EPSS: Средний
github логотип

GHSA-3c77-w2fc-xqrh

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3c77-6pw4-hr87

больше 1 года назад

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

CVSS3: 8.3
EPSS: Низкий
github логотип

GHSA-3c76-p447-jmg2

больше 1 года назад

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

CVSS3: 5.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3c7r-cq4g-xq6v

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3c7q-vpq8-rccq

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3c7q-4gwj-vc33

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3c7p-vv5r-cmr5

Incorrect Authorization in Apache Solr

CVSS3: 9.8
85%
Высокий
почти 4 года назад
github логотип
GHSA-3c7p-pp83-vmm8

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3c7p-7jhh-gw98

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3c7h-926p-7f94

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the send queue

0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3c7g-p9jx-8cgm

GeniXCMS Cross-site Scripting (XSS) via the Menu ID field

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3c7g-8x9w-wjqp

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

9%
Низкий
больше 3 лет назад
github логотип
GHSA-3c7g-7r78-c425

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

CVSS3: 9.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3c7g-3984-748r

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

87%
Высокий
почти 4 года назад
github логотип
GHSA-3c7c-p4m9-gwhc

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

CVSS3: 6.5
0%
Низкий
почти 3 года назад
github логотип
GHSA-3c7c-8hj4-v9qh

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.

0%
Низкий
больше 1 года назад
github логотип
GHSA-3c7c-8h8f-3p6v

Use After Free in GitHub repository vim/vim prior to 8.2.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3c79-rgf5-v4gg

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

13%
Средний
почти 4 года назад
github логотип
GHSA-3c78-wrg5-fqxr

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVSS3: 6.6
0%
Низкий
больше 1 года назад
github логотип
GHSA-3c78-m682-8wp9

ChakraCore RCE Vulnerability

CVSS3: 7.5
24%
Средний
больше 3 лет назад
github логотип
GHSA-3c77-w2fc-xqrh

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3c77-6pw4-hr87

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

CVSS3: 8.3
1%
Низкий
больше 1 года назад
github логотип
GHSA-3c76-p447-jmg2

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

CVSS3: 5.8
0%
Низкий
больше 1 года назад

Уязвимостей на страницу