exploitDog

source:"github"

Count: 314 458

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| GHSA-3f89-5qh9-mvf8: Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | | 0% (Low) | more than 3 years ago |
| GHSA-3f88-vcg8-m5ph: Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. | CVSS3: 5.4 | 0% (Low) | almost 2 years ago |
| GHSA-3f87-h53g-6x57: IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | | 0% (Low) | about 4 years ago |
| GHSA-3f87-66x4-f3p7: Microsoft Exchange Server Remote Code Execution Vulnerability | CVSS3: 8.8 | 93% (Critical) | more than 3 years ago |
| GHSA-3f86-x5fq-f2xm: Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | | 1% (Low) | almost 4 years ago |
| GHSA-3f85-g95j-3rp7: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS. This issue affects JK Html To Pdf: from n/a through 1.0.0. | CVSS3: 7.1 | 0% (Low) | about 1 year ago |
| GHSA-3f85-ch4h-849r: In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Commit 6eac36bb9eb0 ("x86/resctrl: Allocate the cleanest CLOSID by searching closid_num_dirty_rmid") added logic that causes resctrl to search for the CLOSID with the fewest dirty cache lines when creating a new control group, if requested by the arch code. This depends on the values read from the llc_occupancy counters. The logic is applicable to architectures where the CLOSID effectively forms part of the monitoring identifier and so do not allow complete freedom to choose an unused monitoring identifier for a given CLOSID. This support missed that some platforms may not have these counters. This causes a NULL pointer dereference when creating a new control group as the array was not allocated by dom_data_init(). As this feature isn't necessary on platforms that don't have cache occupancy monitors, add this to the check that occu... | CVSS3: 5.5 | 0% (Low) | 10 months ago |
| GHSA-3f85-2f76-jm35: Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | CVSS3: 7.8 | 0% (Low) | almost 4 years ago |
| GHSA-3f84-rpwh-47g6: Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion | CVSS3: 7.5 | 1% (Low) | more than 1 year ago |
| GHSA-3f84-j5xw-c967: UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | CVSS3: 9.8 | 5% (Low) | more than 3 years ago |
| GHSA-3f84-gf8q-ggcq: IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | | 0% (Low) | more than 3 years ago |
| GHSA-3f84-67w6-pvm9: The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. | | 9% (Low) | almost 4 years ago |
| GHSA-3f83-v3jg-8cf4: PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | | 3% (Low) | almost 4 years ago |
| GHSA-3f82-v3qw-53q7: Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin | CVSS3: 3.1 | 0% (Low) | more than 3 years ago |
| GHSA-3f7x-wq77-2867: Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | | 8% (Low) | almost 4 years ago |
| GHSA-3f7x-wmqw-jp3f: In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. | CVSS3: 6.7 | 0% (Low) | more than 2 years ago |
| GHSA-3f7x-rf2q-c7q4: The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805. | | 14% (Medium) | more than 3 years ago |
| GHSA-3f7x-qm4p-6qjv: cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | | 0% (Low) | more than 3 years ago |
| GHSA-3f7x-cmp2-m6m3: An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | CVSS3: 7.5 | 0% (Low) | almost 4 years ago |
| GHSA-3f7x-84v6-xqm2: Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | CVSS3: 4.3 | 0% (Low) | about 1 year ago |