Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-33cw-rfhq-85q4

около 3 лет назад

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-33cw-f6c5-2rv7

около 1 года назад

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-33cw-2rgg-pqmh

почти 4 года назад

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.

EPSS: Низкий
github логотип

GHSA-33cv-rf7v-r5m4

больше 3 лет назад

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

EPSS: Средний
github логотип

GHSA-33cr-xf9m-fqqr

больше 3 лет назад

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-33cr-m232-xqch

11 месяцев назад

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement

EPSS: Низкий
github логотип

GHSA-33cr-5mgj-3gg9

больше 3 лет назад

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-33cr-4mvf-fj5r

больше 3 лет назад

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-33cp-wjp9-mgp2

4 месяца назад

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-33cp-qrcq-xvp4

почти 4 года назад

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

EPSS: Низкий
github логотип

GHSA-33cj-w75f-49m2

больше 3 лет назад

Magento 2 Community Edition Server-Side Request Forgery vulnerability

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-33cj-qgm7-jr34

около 1 года назад

Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.

CVSS3: 7.4
EPSS: Низкий
github логотип

GHSA-33cj-hx68-hxx3

больше 3 лет назад

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-33cj-4m4m-jhxc

больше 3 лет назад

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-33cg-4pq4-gv4q

больше 3 лет назад

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.

EPSS: Низкий
github логотип

GHSA-33cf-w34p-g6pj

больше 3 лет назад

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

EPSS: Низкий
github логотип

GHSA-33cf-9f58-g423

почти 4 года назад

The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth.

EPSS: Низкий
github логотип

GHSA-33cf-32gf-rq6j

больше 2 лет назад

An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-33cc-g8rq-488v

почти 4 года назад

Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

EPSS: Низкий
github логотип

GHSA-33cc-g737-2r5g

около 2 лет назад

A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.7
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-33cw-rfhq-85q4

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

CVSS3: 9.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-33cw-f6c5-2rv7

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Низкий
около 1 года назад
github логотип
GHSA-33cw-2rgg-pqmh

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-33cv-rf7v-r5m4

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

44%
Средний
больше 3 лет назад
github логотип
GHSA-33cr-xf9m-fqqr

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-33cr-m232-xqch

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement

11 месяцев назад
github логотип
GHSA-33cr-5mgj-3gg9

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-33cr-4mvf-fj5r

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-33cp-wjp9-mgp2

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728.

CVSS3: 7.8
0%
Низкий
4 месяца назад
github логотип
GHSA-33cp-qrcq-xvp4

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

0%
Низкий
почти 4 года назад
github логотип
GHSA-33cj-w75f-49m2

Magento 2 Community Edition Server-Side Request Forgery vulnerability

CVSS3: 7.2
0%
Низкий
больше 3 лет назад
github логотип
GHSA-33cj-qgm7-jr34

Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.

CVSS3: 7.4
0%
Низкий
около 1 года назад
github логотип
GHSA-33cj-hx68-hxx3

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-33cj-4m4m-jhxc

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-33cg-4pq4-gv4q

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-33cf-w34p-g6pj

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-33cf-9f58-g423

The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth.

5%
Низкий
почти 4 года назад
github логотип
GHSA-33cf-32gf-rq6j

An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVSS3: 7.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-33cc-g8rq-488v

Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5%
Низкий
почти 4 года назад
github логотип
GHSA-33cc-g737-2r5g

A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.7
0%
Низкий
около 2 лет назад

Уязвимостей на страницу