Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2xc5-3f92-ffpr

больше 1 года назад

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2xc4-fqpw-rrgw

4 месяца назад

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor has stated that API calls require authentication through Authorization Bearer Tokens, so classic CSRF attacks do not apply here. An attacker would need to possess the JWT through means such as XSS which were mitigated, disabling any form of initial access.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2xc3-3457-6965

больше 3 лет назад

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.

EPSS: Низкий
github логотип

GHSA-2xc2-v898-cwrf

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-2xc2-rj8c-xgm7

больше 3 лет назад

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.

EPSS: Низкий
github логотип

GHSA-2xc2-qjvp-7mf4

больше 3 лет назад

Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2xc2-pjxc-5w86

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-2xc2-cp72-q3q2

почти 4 года назад

ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.

EPSS: Низкий
github логотип

GHSA-2x9x-c2fx-m574

больше 3 лет назад

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2x9x-8f2w-9hwc

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

EPSS: Средний
github логотип

GHSA-2x9x-24qc-mmqv

почти 2 года назад

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

CVSS3: 7.7
EPSS: Низкий
github логотип

GHSA-2x9w-m9r8-rmvq

почти 4 года назад

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

EPSS: Средний
github логотип

GHSA-2x9w-8rqj-6v89

больше 3 лет назад

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2x9r-wrw3-xf8x

10 месяцев назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2x9r-7w9v-hwjw

больше 3 лет назад

Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-2x9q-pf3q-cg3c

6 месяцев назад

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to...

EPSS: Низкий
github логотип

GHSA-2x9p-5m3j-p43m

больше 3 лет назад

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2x9p-553v-3rgx

больше 3 лет назад

Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2x9m-qxg5-hr3f

больше 3 лет назад

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."

EPSS: Средний
github логотип

GHSA-2x9m-ghpm-wjh6

больше 3 лет назад

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2xc5-3f92-ffpr

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 4.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2xc4-fqpw-rrgw

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor has stated that API calls require authentication through Authorization Bearer Tokens, so classic CSRF attacks do not apply here. An attacker would need to possess the JWT through means such as XSS which were mitigated, disabling any form of initial access.

CVSS3: 4.3
0%
Низкий
4 месяца назад
github логотип
GHSA-2xc3-3457-6965

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2xc2-v898-cwrf

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

CVSS3: 8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2xc2-rj8c-xgm7

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2xc2-qjvp-7mf4

Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2xc2-pjxc-5w86

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2xc2-cp72-q3q2

ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2x9x-c2fx-m574

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2x9x-8f2w-9hwc

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

15%
Средний
больше 3 лет назад
github логотип
GHSA-2x9x-24qc-mmqv

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

CVSS3: 7.7
0%
Низкий
почти 2 года назад
github логотип
GHSA-2x9w-m9r8-rmvq

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

54%
Средний
почти 4 года назад
github логотип
GHSA-2x9w-8rqj-6v89

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x9r-wrw3-xf8x

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8.

CVSS3: 6.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-2x9r-7w9v-hwjw

Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x9q-pf3q-cg3c

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to...

0%
Низкий
6 месяцев назад
github логотип
GHSA-2x9p-5m3j-p43m

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x9p-553v-3rgx

Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x9m-qxg5-hr3f

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."

35%
Средний
больше 3 лет назад
github логотип
GHSA-2x9m-ghpm-wjh6

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

0%
Низкий
больше 3 лет назад

Уязвимостей на страницу