Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2w29-fw64-5ggm

9 месяцев назад

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2w28-624x-pwr2

почти 4 года назад

Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.

EPSS: Низкий
github логотип

GHSA-2w27-grg7-mp25

больше 2 лет назад

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-2w26-vhm9-x8ph

больше 3 лет назад

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-2w26-gmqm-mc5p

больше 3 лет назад

Magento 2 Community Cryptographic Flaw

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2w26-5wwq-p3h6

больше 3 лет назад

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2w24-rmxp-xpr3

около 1 года назад

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

CVSS3: 4.2
EPSS: Низкий
github логотип

GHSA-2w24-8j54-p2gx

6 месяцев назад

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2vxx-xxv4-3gj8

больше 3 лет назад

Reflected XSS in wordpress plugin admin-font-editor v1.8

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2vxx-j2xr-8w6v

8 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2vxw-vrpv-6q69

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.

EPSS: Низкий
github логотип

GHSA-2vxv-gxpx-wc5c

больше 3 лет назад

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.

EPSS: Низкий
github логотип

GHSA-2vxv-629v-36vg

почти 4 года назад

PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

EPSS: Низкий
github логотип

GHSA-2vxr-xm37-7x29

больше 3 лет назад

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

EPSS: Низкий
github логотип

GHSA-2vxp-rq9r-5v72

около 4 лет назад

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

EPSS: Низкий
github логотип

GHSA-2vxm-vp4c-fjfw

около 4 лет назад

Authentication Bypass in Apache Cassandra

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2vxm-9c9f-7q2m

около 1 года назад

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-2vxj-pxvw-7hx9

6 месяцев назад

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2vxj-2qq6-h8r7

больше 3 лет назад

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2vxh-hj65-9hr4

около 4 лет назад

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege

CVSS3: 7.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2w29-fw64-5ggm

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

CVSS3: 9.8
0%
Низкий
9 месяцев назад
github логотип
GHSA-2w28-624x-pwr2

Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2w27-grg7-mp25

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

CVSS3: 6.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2w26-vhm9-x8ph

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS3: 6.7
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2w26-gmqm-mc5p

Magento 2 Community Cryptographic Flaw

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2w26-5wwq-p3h6

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2w24-rmxp-xpr3

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

CVSS3: 4.2
0%
Низкий
около 1 года назад
github логотип
GHSA-2w24-8j54-p2gx

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 5.3
0%
Низкий
6 месяцев назад
github логотип
GHSA-2vxx-xxv4-3gj8

Reflected XSS in wordpress plugin admin-font-editor v1.8

CVSS3: 6.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxx-j2xr-8w6v

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1.

CVSS3: 6.1
0%
Низкий
8 месяцев назад
github логотип
GHSA-2vxw-vrpv-6q69

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxv-gxpx-wc5c

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxv-629v-36vg

PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

6%
Низкий
почти 4 года назад
github логотип
GHSA-2vxr-xm37-7x29

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxp-rq9r-5v72

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

0%
Низкий
около 4 лет назад
github логотип
GHSA-2vxm-vp4c-fjfw

Authentication Bypass in Apache Cassandra

CVSS3: 7.5
1%
Низкий
около 4 лет назад
github логотип
GHSA-2vxm-9c9f-7q2m

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.

CVSS3: 9.1
0%
Низкий
около 1 года назад
github логотип
GHSA-2vxj-pxvw-7hx9

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
0%
Низкий
6 месяцев назад
github логотип
GHSA-2vxj-2qq6-h8r7

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxh-hj65-9hr4

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege

CVSS3: 7.8
0%
Низкий
около 4 лет назад

Уязвимостей на страницу