exploitDog

source:"github"

Count: 312 573

Vulnerability | CVSS | EPSS | Published

GHSA-323m-j8jx-g8pq

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability

CVSS3: 4.8
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-323m-cw2j-43x4

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-323h-xxg4-72gc

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS3: 8.4
EPSS: 0% (Low)
Published: 26 days ago

GHSA-323h-xv5h-r9j9

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-323h-r7fc-3rm2

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1.

CVSS3: 4.3
EPSS: 0% (Low)
Published: 6 months ago

GHSA-323f-mg66-x3jg

The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVSS3: 5.4
EPSS: 1% (Low)
Published: almost 3 years ago

GHSA-3239-92hh-5wpq

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

CVSS3: 5.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3238-v6wp-xx67

An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVSS3: 7.5
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-3238-3xx2-28gw

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3237-qqm7-mfv7

Information Leak of Memory in getimagesize

EPSS: 0% (Low)
Published: about 2 months ago

GHSA-3237-mfpp-3f69

Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-3236-525j-98r4

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3233-rgx3-c2wh

Moderate severity vulnerability that affects mustache

EPSS: Low
Published: more than 7 years ago

GHSA-3233-8p6g-fxq5

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.

EPSS: 3% (Low)
Published: almost 4 years ago

GHSA-3232-c8xr-84gw

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-322x-jv5h-cvjh

Jenkins Ansible Plugin man in the middle vulnerability

CVSS3: 5.6
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-322w-f24m-rgpr

Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-322v-vh2g-qvpv

Mattermost Fails to Restrict Certain Operations on System Admins

CVSS3: 4.7
EPSS: 0% (Low)
Published: 10 months ago

GHSA-322v-p3jc-7hrg

Cross-Site Request Forgery in Anchor CMS

CVSS3: 4.5
EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-322v-gpc6-pf9f

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736.

CVSS3: 5.5
EPSS: 0% (Low)
Published: about 1 year ago