Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-39xq-q2rq-4395

больше 3 лет назад

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.

EPSS: Средний
github логотип

GHSA-39xq-39v8-2g6g

16 дней назад

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference. Guard against ERR_PTR entries when iterating the action IDR so teardown does not call tc_act_in_hw() on an error pointer.

EPSS: Низкий
github логотип

GHSA-39xp-m58q-6r58

больше 2 лет назад

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

CVSS3: 3.3
EPSS: Низкий
github логотип

GHSA-39xp-frq9-qcrw

больше 1 года назад

The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-39xj-x95v-6v4r

больше 3 лет назад

Windows Container Manager Service Elevation of Privilege Vulnerability.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-39xj-q4q3-55mp

больше 3 лет назад

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 3.3
EPSS: Низкий
github логотип

GHSA-39xh-x2wj-8255

около 3 лет назад

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-39xg-qc4x-j5fj

почти 4 года назад

PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.

EPSS: Низкий
github логотип

GHSA-39xg-8p43-h76x

больше 4 лет назад

Data races in reffers

CVSS3: 4.7
EPSS: Низкий
github логотип

GHSA-39xg-53hj-p9pw

почти 3 года назад

In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-39xf-p2jj-wm7p

больше 3 лет назад

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-39xf-jpcr-gmh4

почти 4 года назад

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-39xf-8w3x-39j6

3 месяца назад

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-39xf-6q92-9wf9

почти 4 года назад

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

EPSS: Низкий
github логотип

GHSA-39xc-jm8g-7f9g

почти 4 года назад

PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.

EPSS: Низкий
github логотип

GHSA-39xc-f34v-wjpw

больше 2 лет назад

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-39xc-7xp4-xj5v

почти 4 года назад

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.

EPSS: Низкий
github логотип

GHSA-39xc-77vm-69fc

больше 2 лет назад

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-39x9-vxp8-rf3h

больше 3 лет назад

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.

EPSS: Низкий
github логотип

GHSA-39x9-qhh7-qf97

больше 3 лет назад

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.

CVSS3: 7.4
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-39xq-q2rq-4395

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.

66%
Средний
больше 3 лет назад
github логотип
GHSA-39xq-39v8-2g6g

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference. Guard against ERR_PTR entries when iterating the action IDR so teardown does not call tc_act_in_hw() on an error pointer.

0%
Низкий
16 дней назад
github логотип
GHSA-39xp-m58q-6r58

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

CVSS3: 3.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-39xp-frq9-qcrw

The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

CVSS3: 5.3
1%
Низкий
больше 1 года назад
github логотип
GHSA-39xj-x95v-6v4r

Windows Container Manager Service Elevation of Privilege Vulnerability.

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-39xj-q4q3-55mp

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 3.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-39xh-x2wj-8255

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

CVSS3: 9.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-39xg-qc4x-j5fj

PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.

5%
Низкий
почти 4 года назад
github логотип
GHSA-39xg-8p43-h76x

Data races in reffers

CVSS3: 4.7
0%
Низкий
больше 4 лет назад
github логотип
GHSA-39xg-53hj-p9pw

In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.

CVSS3: 7.5
0%
Низкий
почти 3 года назад
github логотип
GHSA-39xf-p2jj-wm7p

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.

CVSS3: 4.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-39xf-jpcr-gmh4

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.

CVSS3: 9.1
1%
Низкий
почти 4 года назад
github логотип
GHSA-39xf-8w3x-39j6

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

CVSS3: 6.8
0%
Низкий
3 месяца назад
github логотип
GHSA-39xf-6q92-9wf9

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

2%
Низкий
почти 4 года назад
github логотип
GHSA-39xc-jm8g-7f9g

PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.

0%
Низкий
почти 4 года назад
github логотип
GHSA-39xc-f34v-wjpw

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

CVSS3: 9.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-39xc-7xp4-xj5v

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.

3%
Низкий
почти 4 года назад
github логотип
GHSA-39xc-77vm-69fc

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-39x9-vxp8-rf3h

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.

3%
Низкий
больше 3 лет назад
github логотип
GHSA-39x9-qhh7-qf97

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.

CVSS3: 7.4
18%
Средний
больше 3 лет назад

Уязвимостей на страницу