Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2wm9-x92q-p7jg

около 2 лет назад

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2wm7-mmgc-qxr3

почти 3 года назад

Magento Open Source allows Incorrect Authorization

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2wm7-j7c4-c8rq

больше 3 лет назад

In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2wm7-g572-487q

больше 3 лет назад

An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2wm7-744x-3ghp

почти 4 года назад

Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.

EPSS: Низкий
github логотип

GHSA-2wm7-6r5c-mjpc

почти 4 года назад

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

EPSS: Низкий
github логотип

GHSA-2wm6-xpm3-7mx5

больше 3 лет назад

The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2wm6-w8f9-5vf4

больше 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.

EPSS: Низкий
github логотип

GHSA-2wm6-mgmh-92vr

больше 3 лет назад

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2wm6-3pg4-h6hp

почти 4 года назад

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

EPSS: Низкий
github логотип

GHSA-2wm5-pffj-4758

почти 2 года назад

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2wm5-fq39-m5x5

почти 4 года назад

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

EPSS: Низкий
github логотип

GHSA-2wm5-c3g6-vrfw

больше 3 лет назад

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

EPSS: Низкий
github логотип

GHSA-2wm4-qgw2-r6ff

около 1 года назад

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2wm4-f538-3x27

около 1 года назад

A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2wm3-m74f-6p2x

больше 3 лет назад

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

EPSS: Низкий
github логотип

GHSA-2wm3-m6j7-pxcp

7 месяцев назад

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26083.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2wm3-7hxf-9q6x

больше 1 года назад

The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2wm3-5p9p-vf46

больше 2 лет назад

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-2wm2-q986-vfw5

больше 3 лет назад

In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2wm9-x92q-p7jg

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CVSS3: 5.3
0%
Низкий
около 2 лет назад
github логотип
GHSA-2wm7-mmgc-qxr3

Magento Open Source allows Incorrect Authorization

CVSS3: 4.3
0%
Низкий
почти 3 года назад
github логотип
GHSA-2wm7-j7c4-c8rq

In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.

CVSS3: 9.8
9%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm7-g572-487q

An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm7-744x-3ghp

Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2wm7-6r5c-mjpc

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2wm6-xpm3-7mx5

The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm6-w8f9-5vf4

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm6-mgmh-92vr

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm6-3pg4-h6hp

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2wm5-pffj-4758

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

CVSS3: 5.9
0%
Низкий
почти 2 года назад
github логотип
GHSA-2wm5-fq39-m5x5

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

2%
Низкий
почти 4 года назад
github логотип
GHSA-2wm5-c3g6-vrfw

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm4-qgw2-r6ff

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.

CVSS3: 5.5
0%
Низкий
около 1 года назад
github логотип
GHSA-2wm4-f538-3x27

A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.

CVSS3: 5.4
0%
Низкий
около 1 года назад
github логотип
GHSA-2wm3-m74f-6p2x

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wm3-m6j7-pxcp

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26083.

CVSS3: 7.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-2wm3-7hxf-9q6x

The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-2wm3-5p9p-vf46

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.

CVSS3: 3.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2wm2-q986-vfw5

In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

0%
Низкий
больше 3 лет назад

Уязвимостей на страницу