exploitDog

source:"github"

Count: 314 458

Vulnerability | CVSS | EPSS | Published

GHSA-2xjp-g4vr-mgh3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.2.
CVSS3: 9.3 | EPSS: 0% (Low) | Published: about 1 year ago

GHSA-2xjp-8pmx-7mmj
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
EPSS: 0% (Low) | Published: more than 3 years ago

GHSA-2xjj-5x6h-8vmf
Cross-site Scripting in actionpack
EPSS: 0% (Low) | Published: more than 8 years ago

GHSA-2xjj-2wcr-mj9m
Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
EPSS: 0% (Low) | Published: more than 3 years ago

GHSA-2xjh-cwp8-55q6
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature.
CVSS3: 5.4 | EPSS: 0% (Low) | Published: more than 2 years ago

GHSA-2xjh-35wj-vw46
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
CVSS3: 8.8 | EPSS: 11% (Medium) | Published: more than 3 years ago

GHSA-2xjh-34g7-vxf5
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.
CVSS3: 7.2 | EPSS: 0% (Low) | Published: about 1 year ago

GHSA-2xjg-x2hw-6m93
A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used.
CVSS3: 4.3 | EPSS: 0% (Low) | Published: 6 months ago

GHSA-2xjg-vr83-9jg7
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability.
CVSS3: 9.8 | EPSS: 0% (Low) | Published: about 1 year ago

GHSA-2xjf-r5x5-5xpc
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users' data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information.
CVSS3: 9.8 | EPSS: 0% (Low) | Published: 6 months ago

GHSA-2xjf-f4mq-m3q5
The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator.
CVSS3: 6.1 | EPSS: 11% (Medium) | Published: more than 2 years ago

GHSA-2xjc-x966-7w92
A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS3: 7.3 | EPSS: 0% (Low) | Published: 6 months ago

GHSA-2xjc-mxx3-gg7g
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html.
EPSS: 1% (Low) | Published: almost 4 years ago

GHSA-2xjc-5rq3-qqgw
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
CVSS3: 6.1 | EPSS: 0% (Low) | Published: almost 3 years ago

GHSA-2xj9-j5v2-96c8
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS3: 9.8 | EPSS: Low | Published: about 2 years ago

GHSA-2xj9-f7p4-9r93
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSS3: 7.8 | EPSS: 0% (Low) | Published: more than 3 years ago

GHSA-2xj9-4426-9hfv
The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses.
EPSS: 0% (Low) | Published: almost 4 years ago

GHSA-2xj8-wrjm-mfv6
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
EPSS: 14% (Medium) | Published: almost 4 years ago

GHSA-2xj8-3jr2-7qw3
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
EPSS: 13% (Medium) | Published: almost 4 years ago

GHSA-2xj7-mfw6-mfvm
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
CVSS3: 7.5 | EPSS: 0% (Low) | Published: more than 3 years ago