Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2x8c-h7r9-r6m6

больше 2 лет назад

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVSS3: 4.4
EPSS: Низкий
github логотип

GHSA-2x8c-95vh-gfv4

больше 1 года назад

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

CVSS3: 8.1
EPSS: Средний
github логотип

GHSA-2x8c-44r6-p2vp

больше 3 лет назад

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2x89-ff84-h28p

больше 2 лет назад

Windows GDI Elevation of Privilege Vulnerability

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2x87-6fxf-hx78

больше 3 лет назад

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2x86-mm52-25f7

почти 3 года назад

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x85-fgw5-6c92

больше 3 лет назад

Unspecified vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.

EPSS: Низкий
github логотип

GHSA-2x85-3pxc-c227

больше 3 лет назад

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.

EPSS: Низкий
github логотип

GHSA-2x84-7422-962r

больше 3 лет назад

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2x84-5f93-3cpg

больше 3 лет назад

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x84-5cch-m2hj

больше 1 года назад

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268139.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2x83-r56g-cv47

больше 7 лет назад

Improper certificate validation in org.apache.httpcomponents:httpclient

EPSS: Низкий
github логотип

GHSA-2x83-cpgr-4rhm

почти 4 года назад

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.

EPSS: Низкий
github логотип

GHSA-2x7x-86wq-p8fq

около 2 лет назад

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x7x-7j2m-xw86

около 1 года назад

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the argument typeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2x7x-45v7-xmvx

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.

EPSS: Низкий
github логотип

GHSA-2x7v-w2mv-f3rx

больше 4 лет назад

Improper Authentication in Atlassian Connect Spring Boot

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x7v-rvcm-4cxf

больше 2 лет назад

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2x7r-m54m-f2pf

больше 2 лет назад

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-2x7r-f4jf-gfj5

3 месяца назад

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.5.

CVSS3: 8.2
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2x8c-h7r9-r6m6

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVSS3: 4.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2x8c-95vh-gfv4

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

CVSS3: 8.1
26%
Средний
больше 1 года назад
github логотип
GHSA-2x8c-44r6-p2vp

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.

CVSS3: 6.1
3%
Низкий
больше 3 лет назад
github логотип
GHSA-2x89-ff84-h28p

Windows GDI Elevation of Privilege Vulnerability

CVSS3: 7.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2x87-6fxf-hx78

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

CVSS3: 6.1
6%
Низкий
больше 3 лет назад
github логотип
GHSA-2x86-mm52-25f7

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 8.8
1%
Низкий
почти 3 года назад
github логотип
GHSA-2x85-fgw5-6c92

Unspecified vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x85-3pxc-c227

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x84-7422-962r

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x84-5f93-3cpg

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2x84-5cch-m2hj

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268139.

CVSS3: 6.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2x83-r56g-cv47

Improper certificate validation in org.apache.httpcomponents:httpclient

1%
Низкий
больше 7 лет назад
github логотип
GHSA-2x83-cpgr-4rhm

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2x7x-86wq-p8fq

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

CVSS3: 8.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-2x7x-7j2m-xw86

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the argument typeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-2x7x-45v7-xmvx

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.

3%
Низкий
больше 3 лет назад
github логотип
GHSA-2x7v-w2mv-f3rx

Improper Authentication in Atlassian Connect Spring Boot

CVSS3: 8.8
0%
Низкий
больше 4 лет назад
github логотип
GHSA-2x7v-rvcm-4cxf

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS3: 9.8
больше 2 лет назад
github логотип
GHSA-2x7r-m54m-f2pf

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

CVSS3: 8.8
69%
Средний
больше 2 лет назад
github логотип
GHSA-2x7r-f4jf-gfj5

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.5.

CVSS3: 8.2
0%
Низкий
3 месяца назад

Уязвимостей на страницу