exploitDog

source:"github"

Count: 314 458

GHSA-32m7-9832-wfc6

more than 3 years ago

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS3: 8.8
EPSS: Medium

GHSA-32m5-wrmj-7cr6

almost 2 years ago

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

CVSS3: 5.1
EPSS: Low

GHSA-32m5-hfrr-c4wj

more than 3 years ago

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."

CVSS3: 7.8
EPSS: Low

GHSA-32m5-c8qv-fq2h

more than 3 years ago

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

EPSS: Low

GHSA-32m5-2pgc-wc86

more than 3 years ago

AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.

EPSS: Low

GHSA-32m3-95vg-gvx5

more than 3 years ago

SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

EPSS: Low

GHSA-32m2-9f76-4gv8

about 4 years ago

Business Logic Errors in SilverStripe Framework

CVSS3: 4.3
EPSS: Low

GHSA-32m2-83j8-f3hg

more than 3 years ago

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

CVSS3: 5.5
EPSS: High

GHSA-32m2-5wjp-2hcg

almost 4 years ago

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

EPSS: Low

GHSA-32jx-pg7c-gcmv

more than 3 years ago

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.

EPSS: Low

GHSA-32jx-m2q2-rwr4

more than 3 years ago

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.

CVSS3: 5.9
EPSS: Low

GHSA-32jx-jm5r-c6x7

about 1 month ago

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.

CVSS3: 9.8
EPSS: Low

GHSA-32jx-cx53-vp3r

9 months ago

The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS3: 4.3
EPSS: Low

GHSA-32jx-75mj-c5hj

more than 3 years ago

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

EPSS: Low

GHSA-32jx-4w8w-vxmx

more than 3 years ago

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

CVSS3: 7.5
EPSS: Low

GHSA-32jw-x745-fx6j

almost 4 years ago

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: Low

GHSA-32jw-rrh7-q59g

more than 1 year ago

Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.

CVSS3: 4
EPSS: Low

GHSA-32jw-9c3r-w82w

more than 3 years ago

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

CVSS3: 7.8
EPSS: Low

GHSA-32jr-c78f-w9f2

more than 3 years ago

Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

EPSS: Medium

GHSA-32jr-8q2g-wwf3

more than 3 years ago

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

EPSS: High


Vulnerability
CVSS
EPSS
Published

GHSA-32m7-9832-wfc6

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS3: 8.8
EPSS: 22% (Medium)
more than 3 years ago

GHSA-32m5-wrmj-7cr6

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

CVSS3: 5.1
EPSS: 0% (Low)
almost 2 years ago

GHSA-32m5-hfrr-c4wj

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."

CVSS3: 7.8
EPSS: 0% (Low)
more than 3 years ago

GHSA-32m5-c8qv-fq2h

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

EPSS: 0% (Low)
more than 3 years ago

GHSA-32m5-2pgc-wc86

AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.

EPSS: 0% (Low)
more than 3 years ago

GHSA-32m3-95vg-gvx5

SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

EPSS: 0% (Low)
more than 3 years ago

GHSA-32m2-9f76-4gv8

Business Logic Errors in SilverStripe Framework

CVSS3: 4.3
about 4 years ago

GHSA-32m2-83j8-f3hg

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

CVSS3: 5.5
EPSS: 82% (High)
more than 3 years ago

GHSA-32m2-5wjp-2hcg

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

EPSS: 9% (Low)
almost 4 years ago

GHSA-32jx-pg7c-gcmv

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.

EPSS: 0% (Low)
more than 3 years ago

GHSA-32jx-m2q2-rwr4

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.

CVSS3: 5.9
EPSS: 0% (Low)
more than 3 years ago

GHSA-32jx-jm5r-c6x7

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.

CVSS3: 9.8
EPSS: 1% (Low)
about 1 month ago

GHSA-32jx-cx53-vp3r

The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS3: 4.3
EPSS: 0% (Low)
9 months ago

GHSA-32jx-75mj-c5hj

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

EPSS: 5% (Low)
more than 3 years ago

GHSA-32jx-4w8w-vxmx

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

CVSS3: 7.5
EPSS: 0% (Low)
more than 3 years ago

GHSA-32jw-x745-fx6j

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 5% (Low)
almost 4 years ago

GHSA-32jw-rrh7-q59g

Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.

CVSS3: 4
EPSS: 0% (Low)
more than 1 year ago

GHSA-32jw-9c3r-w82w

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

CVSS3: 7.8
EPSS: 1% (Low)
more than 3 years ago

GHSA-32jr-c78f-w9f2

Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

EPSS: 39% (Medium)
more than 3 years ago

GHSA-32jr-8q2g-wwf3

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

EPSS: 85% (High)
more than 3 years ago