Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3338-v9h6-vm4g

больше 1 года назад

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3338-hg6j-p3hj

больше 3 лет назад

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3337-29hg-rgvq

больше 3 лет назад

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3336-h95j-hvvf

больше 3 лет назад

Improper Access Control in Apache CXF

EPSS: Низкий
github логотип

GHSA-3336-3gjj-jp53

11 месяцев назад

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-3334-vx72-68cw

больше 3 лет назад

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3334-f37q-2m8x

больше 3 лет назад

A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3334-49c6-xvm9

больше 3 лет назад

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635.

EPSS: Низкий
github логотип

GHSA-332x-qjv9-28mf

10 месяцев назад

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-332w-hvmr-9fqw

больше 3 лет назад

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.

EPSS: Низкий
github логотип

GHSA-332w-5chw-jpv3

больше 3 лет назад

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.

CVSS3: 7.8
EPSS: Средний
github логотип

GHSA-332v-39cw-qwg2

больше 3 лет назад

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-332r-78jx-2j2m

почти 4 года назад

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-332q-7ff2-57h2

почти 4 года назад

Prototype Pollution in undefsafe

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-332p-x9c3-3hm3

10 месяцев назад

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed: <fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...> This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-332p-2wcc-qg7j

почти 4 года назад

Buffer overflow in AIX writesrv command allows local users to obtain root access.

EPSS: Низкий
github логотип

GHSA-332m-xp6m-r638

около 4 лет назад

Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

EPSS: Средний
github логотип

GHSA-332m-5jvr-x53c

больше 3 лет назад

VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled.

EPSS: Низкий
github логотип

GHSA-332h-mhjm-x7jm

9 месяцев назад

Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before <19.24.7.

EPSS: Низкий
github логотип

GHSA-332h-96gg-2p6g

больше 3 лет назад

The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.

CVSS3: 5.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3338-v9h6-vm4g

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.

CVSS3: 4.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-3338-hg6j-p3hj

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3337-29hg-rgvq

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3336-h95j-hvvf

Improper Access Control in Apache CXF

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3336-3gjj-jp53

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS3: 6.4
0%
Низкий
11 месяцев назад
github логотип
GHSA-3334-vx72-68cw

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3334-f37q-2m8x

A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3334-49c6-xvm9

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-332x-qjv9-28mf

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS3: 8.8
0%
Низкий
10 месяцев назад
github логотип
GHSA-332w-hvmr-9fqw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-332w-5chw-jpv3

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.

CVSS3: 7.8
34%
Средний
больше 3 лет назад
github логотип
GHSA-332v-39cw-qwg2

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

CVSS3: 8.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-332r-78jx-2j2m

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

CVSS3: 5.9
0%
Низкий
почти 4 года назад
github логотип
GHSA-332q-7ff2-57h2

Prototype Pollution in undefsafe

CVSS3: 6.3
0%
Низкий
почти 4 года назад
github логотип
GHSA-332p-x9c3-3hm3

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed: <fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...> This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2.

CVSS3: 7.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-332p-2wcc-qg7j

Buffer overflow in AIX writesrv command allows local users to obtain root access.

0%
Низкий
почти 4 года назад
github логотип
GHSA-332m-xp6m-r638

Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

36%
Средний
около 4 лет назад
github логотип
GHSA-332m-5jvr-x53c

VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-332h-mhjm-x7jm

Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before <19.24.7.

0%
Низкий
9 месяцев назад
github логотип
GHSA-332h-96gg-2p6g

The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад

Уязвимостей на страницу