exploitDog

source:"github"

Count: 312,573


Vulnerability | CVSS | EPSS | Published

GHSA-2rq3-28ph-m8mh

Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-2rq2-hm3x-v2v9

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVSS3: 3.5
EPSS: 0% (Low)
Published: 20 days ago

GHSA-2rq2-48fh-56v5

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15161.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-2rpx-x533-qfww

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.

CVSS3: 4.3
EPSS: 11% (Medium)
Published: more than 3 years ago

GHSA-2rpx-x37c-9w5p

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
EPSS: 17% (Medium)
Published: more than 2 years ago

GHSA-2rpx-jj49-wf29

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rpw-x26f-wmg7

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rpw-3w88-97r6

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2rpv-px67-6xcc

Rejected reason: This is unused.

EPSS: Low
Published: almost 2 years ago

GHSA-2rpv-m9vg-g7g3

Rejected reason: Not used

EPSS: Low
Published: 10 months ago

GHSA-2rpv-jjj3-r2m2

A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition.

CVSS3: 9.8
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rpv-5gq5-8p5q

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."

CVSS3: 7.5
EPSS: 62% (Medium)
Published: more than 3 years ago

GHSA-2rpv-42c9-4hgr

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.

EPSS: 13% (Medium)
Published: more than 3 years ago

GHSA-2rpv-33qg-3xg6

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

CVSS3: 4.3
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-2rpr-pf46-4w2m

Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rpr-g8wh-pgw8

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

CVSS3: 7.2
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rpq-p6fh-7mx6

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.

CVSS3: 9.8
EPSS: 2% (Low)
Published: almost 2 years ago

GHSA-2rpq-3585-p54f

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

CVSS3: 4.9
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rpp-5f7j-m472

Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

CVSS3: 2.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rpp-4gcg-qm8x

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.

CVSS3: 9.8
EPSS: 0% (Low)
Published: 8 months ago