Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-36j6-7qfp-m37f Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | CVSS3: 9.8 | 3% Low | more than 3 years ago |
| GHSA-36j5-qc55-8r3p Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify other users' profiles via unspecified vectors. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-36j5-fm62-h365 Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | CVSS3: 5.4 | 0% Low | almost 3 years ago |
| GHSA-36j5-c4mc-2jx6 Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | | 1% Low | almost 4 years ago |
| GHSA-36j4-jjhr-3m5r SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data. | CVSS3: 6 | 0% Low | more than 1 year ago |
| GHSA-36j3-xxf7-4pqg Android WebView Universal Cross-site Scripting | CVSS3: 6.5 | 1% Low | more than 5 years ago |
| GHSA-36j3-pwc5-6487 Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779. | | 1% Low | almost 4 years ago |
| GHSA-36j3-2772-j983 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% Low | more than 1 year ago |
| GHSA-36hw-x3cc-m258 Magento Improper Access Control vulnerability | CVSS3: 8.1 | 0% Low | 12 months ago |
| GHSA-36hw-4hmf-h6cg SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | | 1% Low | more than 3 years ago |
| GHSA-36hv-fqvj-3wq3 The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | | 3% Low | more than 3 years ago |
| GHSA-36hv-f25w-387h The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | | 0% Low | more than 3 years ago |
| GHSA-36hv-3xjg-vwph A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | CVSS3: 7.3 | 0% Low | 9 months ago |
| GHSA-36hr-2pgw-4595 Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-36hq-xx3q-26mm Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. | CVSS3: 7.2 | 0% Low | more than 2 years ago |
| GHSA-36hq-v2fc-rpqp Jenkins Folders Plugin information disclosure vulnerability | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-36hq-fr9w-frm9 Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter). | | 0% Low | more than 3 years ago |
| GHSA-36hp-jr8h-556f Authentication Bypass | | 94% Critical | almost 5 years ago |
| GHSA-36hp-4x3g-phrg Apache Tomcat's CookieExample Vulnerable to XSS | | 6% Low | almost 4 years ago |
| GHSA-36hm-qxxp-pg3m Preact has JSON VNode Injection issue | | 0% Low | about 1 month ago |