Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-32ph-p8jx-rv5r CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | CVSS3: 4.8 | 0% Low | more than 3 years ago |
| GHSA-32pg-9428-4x59 An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. | | 1% Low | more than 3 years ago |
| GHSA-32pg-5795-jh5m Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | | 0% Low | almost 4 years ago |
| GHSA-32pf-q5pw-hg4f radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | | 0% Low | more than 3 years ago |
| GHSA-32pf-5hm5-f9mf Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 0% Low | almost 4 years ago |
| GHSA-32pc-xphx-q4f6 Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers | CVSS3: 7.5 | 1% Low | more than 7 years ago |
| GHSA-32pc-g2wc-v836 NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. | CVSS3: 6.8 | 0% Low | about 2 years ago |
| GHSA-32p9-x7g8-8m43 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS3: 5.4 | 0% Low | 8 months ago |
| GHSA-32p9-vr87-6gx3 The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-32p9-v6w3-v6fj Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. | CVSS3: 8.8 | 1% Low | 11 months ago |
| GHSA-32p9-9c2j-m88v PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter. | | 9% Low | almost 4 years ago |
| GHSA-32p9-664j-q6j6 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-32p8-xhh6-v239 SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | | 0% Low | almost 4 years ago |
| GHSA-32p8-qq6w-3v8c Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-32p7-7q74-w9jv An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | CVSS3: 9.1 | 0% Low | almost 3 years ago |
| GHSA-32p5-w624-64gp A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3: 4.7 | 0% Low | about 2 years ago |
| GHSA-32p5-cp5f-35r6 Rejected reason: NON Security Issue. | | | about 2 years ago |
| GHSA-32p4-jg2m-x4r7 Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | | 2% Low | almost 4 years ago |
| GHSA-32p4-jcjv-28cx add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter. | | 0% Low | almost 4 years ago |
| GHSA-32p4-gm2c-wmch ansible-core Incorrect Authorization vulnerability | CVSS3: 6.3 | 0% Low | more than 1 year ago |