exploitDog

source:"github"

Count: 314 375


| Vulnerability | Description | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- |
| GHSA-32hv-jrcj-jr38 | Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | | 1% (Low) | almost 4 years ago |
| GHSA-32hv-c84f-hvp9 | Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter to uyeler.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 0% (Low) | almost 4 years ago |
| GHSA-32hv-227c-chpv | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | CVSS3: 5.5 | 4% (Low) | more than 2 years ago |
| GHSA-32hr-rxc3-hqx7 | The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | | 0% (Low) | about 4 years ago |
| GHSA-32hq-jmxj-p7pr | Memory corruption may occur while validating ports and channels in Audio driver. | CVSS3: 7.8 | 0% (Low) | 11 months ago |
| GHSA-32hm-m24x-pwrg | In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. | CVSS3: 5.4 | 2% (Low) | more than 1 year ago |
| GHSA-32hm-fpxx-4r4p | BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c. | | 0% (Low) | almost 4 years ago |
| GHSA-32hj-wrr2-2q83 | Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. | | 1% (Low) | almost 4 years ago |
| GHSA-32hj-5vg7-3p79 | RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application. | CVSS3: 3.3 | 0% (Low) | almost 2 years ago |
| GHSA-32hg-73hp-vwc8 | Moodle allows attackers to modify "Exclude grade" settings | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| GHSA-32hg-4wf9-hj7c | Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory. | CVSS3: 3.3 | 0% (Low) | almost 2 years ago |
| GHSA-32hf-mgvj-h3ph | SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. | | 1% (Low) | almost 4 years ago |
| GHSA-32hf-ffvm-wx32 | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS. | | 0% (Low) | more than 3 years ago |
| GHSA-32hc-mvpr-c38m | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. | | 1% (Low) | almost 4 years ago |
| GHSA-32h9-x683-vc95 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417. | CVSS3: 7.8 | 0% (Low) | more than 3 years ago |
| GHSA-32h9-q98m-9334 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions. | CVSS3: 5.8 | 0% (Low) | more than 2 years ago |
| GHSA-32h9-hqhx-9j29 | This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system. | CVSS3: 4.3 | 0% (Low) | more than 1 year ago |
| GHSA-32h7-7j94-8fc2 | Mattermost vulnerable to denial of service via large number of emoji reactions | CVSS3: 4.3 | 0% (Low) | almost 2 years ago |
| GHSA-32h6-xpp4-6279 | DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool. | CVSS3: 5.5 | 0% (Low) | more than 3 years ago |
| GHSA-32h6-6w8m-mc99 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS3: 5.4 | 0% (Low) | about 2 months ago |