exploitDog

source:"github"

Count: 314 458

Vulnerability | CVSS | EPSS | Published

GHSA-3ch6-5gwg-mwhp

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.

CVSS3: 4.3
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3ch5-gfvr-379v

In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.

CVSS3: 7.8
EPSS: 0% (Low)
Published: about 3 years ago

GHSA-3ch5-6956-fx84

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3ch4-xrp6-59fq

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1.

CVSS3: 5.3
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3ch3-r4cj-23mf

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3ch3-mpx2-hj74

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the `bpf_object__init_prog` function of libbpf.

CVSS3: 6.2
EPSS: 0% (Low)
Published: 10 months ago

GHSA-3ch3-jhc6-5r8x

yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection

CVSS3: 5
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-3ch2-rrhv-gmp9

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3ch2-jxxc-v4xf

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API

EPSS: 0% (Low)
Published: 5 months ago

GHSA-3ch2-635c-gvxq

In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it.

CVSS3: 5.5
EPSS: Low
Published: more than 1 year ago

GHSA-3cgx-ccxm-mmrm

SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3cgx-5266-6jv3

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

EPSS: 2% (Low)
Published: about 4 years ago

GHSA-3cgx-3q2g-968r

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b."

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3cgw-hfw7-wc7j

Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability

CVSS3: 4.8
EPSS: Low
Published: almost 3 years ago

GHSA-3cgw-4ww7-p4qf

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3cgv-5vhw-844m

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3cgv-5jpj-w2g8

HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3cgr-wxhv-h7xw

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

CVSS3: 7.5
EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3cgq-54vr-vmgj

FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3cgp-mpf6-c8vw

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

CVSS3: 4.3
EPSS: 0% (Low)
Published: more than 2 years ago