Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-332g-xh34-5c96

больше 3 лет назад

Moodle Privilege escalation in quiz web services

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-332g-rf22-2vcg

11 месяцев назад

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-332g-mj6w-rc2r

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-332g-g9j2-2jvj

больше 3 лет назад

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

EPSS: Низкий
github логотип

GHSA-332f-rmrv-v5x8

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

EPSS: Низкий
github логотип

GHSA-332f-m55f-3h9q

около 4 лет назад

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

EPSS: Низкий
github логотип

GHSA-332f-h579-gp2q

около 2 лет назад

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-332f-6793-cv8m

больше 3 лет назад

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-332c-xwph-rhqj

больше 3 лет назад

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

EPSS: Низкий
github логотип

GHSA-332c-x93c-2rh6

5 месяцев назад

Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-332c-j8m4-x9m8

больше 3 лет назад

An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file

EPSS: Низкий
github логотип

GHSA-3329-vq9j-w245

7 месяцев назад

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3329-pjwv-fjpg

около 5 лет назад

Hostname spoofing via backslashes in URL

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3329-ghmp-jmv5

около 1 месяца назад

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

EPSS: Низкий
github логотип

GHSA-3329-3jrm-gfjj

почти 4 года назад

Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.

EPSS: Низкий
github логотип

GHSA-3328-rg6c-hh5q

7 месяцев назад

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26209.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3327-r9wv-3g4p

2 месяца назад

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3327-jr93-7hq3

больше 3 лет назад

Drupal access bypass vulnerability

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-3326-qx8r-678q

больше 3 лет назад

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3326-hgrw-85c4

почти 4 года назад

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.

EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-332g-xh34-5c96

Moodle Privilege escalation in quiz web services

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-332g-rf22-2vcg

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.

CVSS3: 4.3
0%
Низкий
11 месяцев назад
github логотип
GHSA-332g-mj6w-rc2r

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used.

CVSS3: 5.5
0%
Низкий
9 месяцев назад
github логотип
GHSA-332g-g9j2-2jvj

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-332f-rmrv-v5x8

Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-332f-m55f-3h9q

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

10%
Низкий
около 4 лет назад
github логотип
GHSA-332f-h579-gp2q

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVSS3: 8.8
1%
Низкий
около 2 лет назад
github логотип
GHSA-332f-6793-cv8m

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-332c-xwph-rhqj

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

5%
Низкий
больше 3 лет назад
github логотип
GHSA-332c-x93c-2rh6

Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1.

CVSS3: 4.3
0%
Низкий
5 месяцев назад
github логотип
GHSA-332c-j8m4-x9m8

An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3329-vq9j-w245

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Низкий
7 месяцев назад
github логотип
GHSA-3329-pjwv-fjpg

Hostname spoofing via backslashes in URL

CVSS3: 6.5
1%
Низкий
около 5 лет назад
github логотип
GHSA-3329-ghmp-jmv5

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

около 1 месяца назад
github логотип
GHSA-3329-3jrm-gfjj

Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3328-rg6c-hh5q

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26209.

CVSS3: 7.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-3327-r9wv-3g4p

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.

CVSS3: 6.5
0%
Низкий
2 месяца назад
github логотип
GHSA-3327-jr93-7hq3

Drupal access bypass vulnerability

CVSS3: 8.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3326-qx8r-678q

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3326-hgrw-85c4

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.

15%
Средний
почти 4 года назад

Уязвимостей на страницу