Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-392p-w329-wxhf

больше 3 лет назад

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-392p-h7qw-6vx7

больше 3 лет назад

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

EPSS: Низкий
github логотип

GHSA-392p-62x6-qmrg

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: Низкий
github логотип

GHSA-392m-pxgq-jvm8

почти 4 года назад

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.

EPSS: Низкий
github логотип

GHSA-392m-7c7x-9826

около 1 месяца назад

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

EPSS: Низкий
github логотип

GHSA-392j-2p2c-c7m3

больше 3 лет назад

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.

EPSS: Низкий
github логотип

GHSA-392h-r46j-q24p

около 2 лет назад

OwnCast remote code execution vulnerability

EPSS: Низкий
github логотип

GHSA-392h-pcr9-7j4w

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would have a ref count that is set when the file is created and would be decremented and freed after the last user that opened the file closed it. When the file meta data was to be freed, it would set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed, and any new references made (like new opens or reads) would fail as it is marked freed. This allowed other meta data to be freed after this flag was set (under the event_mutex). All the files that were dynamically created in the events directory had a pointer to the file meta data and would call event_release() when the last reference to the user space file was closed. This would be the time that it is safe to free the file meta data. ...

CVSS3: 4.7
EPSS: Низкий
github логотип

GHSA-392g-h3h9-82w8

больше 3 лет назад

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-392c-vjfv-h7wr

около 2 лет назад

Duplicate Advisory: Apache Superset - Elevation of Privilege

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3929-x7hw-wqqf

около 2 лет назад

A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3926-52rm-j54q

около 4 лет назад

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3925-hgw5-wrwv

почти 2 года назад

Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3925-h58h-pr2m

больше 1 года назад

Memory corruption while handling the PDR in driver for getting the remote heap maps.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-3924-rc4j-fpvm

почти 4 года назад

acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.

EPSS: Низкий
github логотип

GHSA-3923-gv2c-8fvh

больше 3 лет назад

SOPlanning 1.45 allows XSS via the Name or Comment to status.php.

EPSS: Низкий
github логотип

GHSA-3923-6jq3-5x25

больше 3 лет назад

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

EPSS: Низкий
github логотип

GHSA-3922-9qpc-xrw2

больше 3 лет назад

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

EPSS: Низкий
github логотип

GHSA-3922-7hw8-xghx

больше 3 лет назад

Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3922-2r6r-r4fv

10 месяцев назад

MCMS allows arbitrary file uploads in the ueditor component

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-392p-w329-wxhf

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-392p-h7qw-6vx7

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

7%
Низкий
больше 3 лет назад
github логотип
GHSA-392p-62x6-qmrg

Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

1%
Низкий
почти 4 года назад
github логотип
GHSA-392m-pxgq-jvm8

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.

0%
Низкий
почти 4 года назад
github логотип
GHSA-392m-7c7x-9826

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

около 1 месяца назад
github логотип
GHSA-392j-2p2c-c7m3

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-392h-r46j-q24p

OwnCast remote code execution vulnerability

2%
Низкий
около 2 лет назад
github логотип
GHSA-392h-pcr9-7j4w

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would have a ref count that is set when the file is created and would be decremented and freed after the last user that opened the file closed it. When the file meta data was to be freed, it would set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed, and any new references made (like new opens or reads) would fail as it is marked freed. This allowed other meta data to be freed after this flag was set (under the event_mutex). All the files that were dynamically created in the events directory had a pointer to the file meta data and would call event_release() when the last reference to the user space file was closed. This would be the time that it is safe to free the file meta data. ...

CVSS3: 4.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-392g-h3h9-82w8

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-392c-vjfv-h7wr

Duplicate Advisory: Apache Superset - Elevation of Privilege

CVSS3: 6.3
около 2 лет назад
github логотип
GHSA-3929-x7hw-wqqf

A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
0%
Низкий
около 2 лет назад
github логотип
GHSA-3926-52rm-j54q

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.

CVSS3: 9.8
0%
Низкий
около 4 лет назад
github логотип
GHSA-3925-hgw5-wrwv

Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.

CVSS3: 5.4
0%
Низкий
почти 2 года назад
github логотип
GHSA-3925-h58h-pr2m

Memory corruption while handling the PDR in driver for getting the remote heap maps.

CVSS3: 6.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-3924-rc4j-fpvm

acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3923-gv2c-8fvh

SOPlanning 1.45 allows XSS via the Name or Comment to status.php.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3923-6jq3-5x25

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3922-9qpc-xrw2

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3922-7hw8-xghx

Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVSS3: 8.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3922-2r6r-r4fv

MCMS allows arbitrary file uploads in the ueditor component

CVSS3: 9.8
1%
Низкий
10 месяцев назад

Уязвимостей на страницу