exploitDog

source:"github"

Count: 312 573

| Advisory | Description | CVSS3 | EPSS | Published |
|---|---|---|---|---|
| GHSA-394w-f725-94hh | Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6. | 6.1 | 0% (Low) | about 1 year ago |
| GHSA-394v-q6vg-27qq | Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | | 0% (Low) | almost 4 years ago |
| GHSA-394v-2hqm-x86g | Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names. | | 6% (Low) | almost 4 years ago |
| GHSA-394r-gpq6-r6fj | A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. | 6.5 | 0% (Low) | over 3 years ago |
| GHSA-394q-589m-ppr4 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0. | 8.8 | 0% (Low) | about 3 years ago |
| GHSA-394p-wh86-hccq | A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device. | 9.8 | 0% (Low) | over 2 years ago |
| GHSA-394m-vxwj-363j | YetiForceCRM Directory Traversal vulnerability | 6.5 | 0% (Low) | almost 2 years ago |
| GHSA-394j-x37r-2q27 | Ibexa DXP users with the Company admin role can assign any role to any user | | Low | about 3 years ago |
| GHSA-394j-f4pf-g9c3 | Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | | 2% (Low) | almost 4 years ago |
| GHSA-394g-x62m-8p96 | A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | | 4% (Low) | almost 4 years ago |
| GHSA-394g-p2rq-jhvm | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | | 22% (Medium) | over 3 years ago |
| GHSA-394g-2wxx-rv2j | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | 1.8 | 0% (Low) | about 1 year ago |
| GHSA-394f-8grw-xrm8 | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | | 1% (Low) | almost 4 years ago |
| GHSA-394c-5j6w-4xmx | ua-parser-js Regular Expression Denial of Service vulnerability | 7.5 | 3% (Low) | almost 4 years ago |
| GHSA-3949-wvqv-jcq4 | A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator. | | 0% (Low) | over 3 years ago |
| GHSA-3949-f494-cm99 | Cross-site Scripting in Prism | 7.5 | 0% (Low) | almost 4 years ago |
| GHSA-3949-74rr-85j5 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | 9.1 | 0% (Low) | over 1 year ago |
| GHSA-3948-x4f5-75xx | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | | 1% (Low) | almost 4 years ago |
| GHSA-3948-p33j-2mqm | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 7.2 | 1% (Low) | about 3 years ago |
| GHSA-3947-v5cg-rpwj | The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 6.3 | 0% (Low) | 12 months ago |
