Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2whh-8rqw-hpx5

больше 3 лет назад

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2whh-5gr2-6f5w

больше 3 лет назад

In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2whg-fx75-q3fr

больше 1 года назад

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.

CVSS3: 3.1
EPSS: Низкий
github логотип

GHSA-2whf-mx89-7886

почти 4 года назад

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

EPSS: Средний
github логотип

GHSA-2whf-925v-qjcf

почти 4 года назад

Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2whc-p527-687m

почти 4 года назад

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

EPSS: Низкий
github логотип

GHSA-2whc-8658-9gvr

около 1 месяца назад

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

EPSS: Низкий
github логотип

GHSA-2whc-73rp-p66p

больше 3 лет назад

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.

EPSS: Низкий
github логотип

GHSA-2whc-42x6-f9r4

больше 3 лет назад

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.

EPSS: Низкий
github логотип

GHSA-2whc-3w32-64h4

больше 3 лет назад

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

EPSS: Низкий
github логотип

GHSA-2wh9-xh8x-vvv4

около 1 года назад

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.  This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-2wh9-wm58-w79r

20 дней назад

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it possible for unauthenticated attackers to unsubscribe newsletter subscribers via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2wh9-mjfj-9cc7

почти 4 года назад

CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-2wh9-jjcg-cw3f

больше 3 лет назад

The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.

EPSS: Низкий
github логотип

GHSA-2wh9-8pg9-7cgx

больше 3 лет назад

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

EPSS: Средний
github логотип

GHSA-2wh9-3rpj-fmj7

больше 3 лет назад

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

CVSS3: 7.2
EPSS: Средний
github логотип

GHSA-2wh8-mpmc-rwwm

больше 2 лет назад

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2wh8-3mgp-pj9h

4 месяца назад

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2wh8-34xj-pfx6

почти 4 года назад

Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.

EPSS: Низкий
github логотип

GHSA-2wh6-wp88-phq8

больше 1 года назад

Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVSS3: 6.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2whh-8rqw-hpx5

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.

CVSS3: 7.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2whh-5gr2-6f5w

In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2whg-fx75-q3fr

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.

CVSS3: 3.1
0%
Низкий
больше 1 года назад
github логотип
GHSA-2whf-mx89-7886

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

10%
Средний
почти 4 года назад
github логотип
GHSA-2whf-925v-qjcf

Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2whc-p527-687m

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2whc-8658-9gvr

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

около 1 месяца назад
github логотип
GHSA-2whc-73rp-p66p

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2whc-42x6-f9r4

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2whc-3w32-64h4

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2wh9-xh8x-vvv4

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.  This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS3: 6.7
0%
Низкий
около 1 года назад
github логотип
GHSA-2wh9-wm58-w79r

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it possible for unauthenticated attackers to unsubscribe newsletter subscribers via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.

CVSS3: 4.3
0%
Низкий
20 дней назад
github логотип
GHSA-2wh9-mjfj-9cc7

CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2wh9-jjcg-cw3f

The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wh9-8pg9-7cgx

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

17%
Средний
больше 3 лет назад
github логотип
GHSA-2wh9-3rpj-fmj7

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

CVSS3: 7.2
13%
Средний
больше 3 лет назад
github логотип
GHSA-2wh8-mpmc-rwwm

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVSS3: 9.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2wh8-3mgp-pj9h

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

CVSS3: 7.3
0%
Низкий
4 месяца назад
github логотип
GHSA-2wh8-34xj-pfx6

Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2wh6-wp88-phq8

Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVSS3: 6.1
0%
Низкий
больше 1 года назад

Уязвимостей на страницу