Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-32q5-2wwg-3v4v

больше 1 года назад

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-32q4-86g8-6637

около 2 лет назад

Stored Cross Site Scripting in beetl-bbs

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-32q4-6g3f-wq36

больше 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-32q2-gv5x-j2pp

больше 3 лет назад

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

EPSS: Низкий
github логотип

GHSA-32px-xrqr-6c5g

5 месяцев назад

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate a limited number of specific plugins. The News Kit Elementor Addons plugin and a BlazeThemes theme must be installed and activated in order to exploit the vulnerability.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-32px-gjp5-9f34

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.

EPSS: Низкий
github логотип

GHSA-32pw-pqgj-75hm

больше 3 лет назад

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

EPSS: Низкий
github логотип

GHSA-32pv-q2cq-cp4v

около 3 лет назад

A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-32pv-j8mv-f3hg

больше 3 лет назад

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."

EPSS: Средний
github логотип

GHSA-32pr-wg5j-9rwr

больше 3 лет назад

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-32pr-mxf9-qhx8

больше 2 лет назад

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-32pr-fhrf-3qp7

больше 3 лет назад

Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

EPSS: Низкий
github логотип

GHSA-32pr-8mxp-r53q

больше 3 лет назад

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-32pq-c6vh-9cq5

больше 2 лет назад

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-32pp-737v-fvr3

больше 3 лет назад

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

EPSS: Низкий
github логотип

GHSA-32pp-2qph-whhh

почти 3 года назад

A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-32pm-mq37-w9xm

больше 1 года назад

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-32pm-63j6-22qc

около 1 года назад

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-32pj-3qhw-8xrh

8 месяцев назад

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 2.4
EPSS: Низкий
github логотип

GHSA-32ph-rfjm-xcxh

около 3 лет назад

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-32q5-2wwg-3v4v

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS3: 9.8
1%
Низкий
больше 1 года назад
github логотип
GHSA-32q4-86g8-6637

Stored Cross Site Scripting in beetl-bbs

CVSS3: 5.4
0%
Низкий
около 2 лет назад
github логотип
GHSA-32q4-6g3f-wq36

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1.

CVSS3: 5.9
0%
Низкий
больше 1 года назад
github логотип
GHSA-32q2-gv5x-j2pp

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

2%
Низкий
больше 3 лет назад
github логотип
GHSA-32px-xrqr-6c5g

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate a limited number of specific plugins. The News Kit Elementor Addons plugin and a BlazeThemes theme must be installed and activated in order to exploit the vulnerability.

CVSS3: 4.3
0%
Низкий
5 месяцев назад
github логотип
GHSA-32px-gjp5-9f34

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-32pw-pqgj-75hm

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

9%
Низкий
больше 3 лет назад
github логотип
GHSA-32pv-q2cq-cp4v

A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.

CVSS3: 9.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-32pv-j8mv-f3hg

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."

64%
Средний
больше 3 лет назад
github логотип
GHSA-32pr-wg5j-9rwr

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-32pr-mxf9-qhx8

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-32pr-fhrf-3qp7

Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-32pr-8mxp-r53q

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

CVSS3: 5.9
0%
Низкий
больше 3 лет назад
github логотип
GHSA-32pq-c6vh-9cq5

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVSS3: 8.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-32pp-737v-fvr3

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-32pp-2qph-whhh

A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.

CVSS3: 8.8
0%
Низкий
почти 3 года назад
github логотип
GHSA-32pm-mq37-w9xm

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.

CVSS3: 6.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-32pm-63j6-22qc

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

CVSS3: 9.8
58%
Средний
около 1 года назад
github логотип
GHSA-32pj-3qhw-8xrh

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 2.4
0%
Низкий
8 месяцев назад
github логотип
GHSA-32ph-rfjm-xcxh

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

CVSS3: 8.8
0%
Низкий
около 3 лет назад

Уязвимостей на страницу