exploitDog

source:"github"

Count: 312 573

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| GHSA-2rp3-f3rf-mfpr: The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | CVSS3: 6.1 | 0% (Low) | more than 3 years ago |
| GHSA-2rp2-rw4v-352c: SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | CVSS3: 9.8 | 1% (Low) | more than 3 years ago |
| GHSA-2rmx-8hf9-hm7v: 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | CVSS3: 7.5 | 0% (Low) | more than 3 years ago |
| GHSA-2rmx-48m6-825j: Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 0% (Low) | more than 3 years ago |
| GHSA-2rmw-22w9-6gqv: A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | CVSS3: 7.3 | 0% (Low) | about 2 months ago |
| GHSA-2rmv-q4gp-w43q: The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | | 1% (Low) | more than 3 years ago |
| GHSA-2rmv-pmj6-727m: Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. | CVSS3: 4.9 | 0% (Low) | 9 months ago |
| GHSA-2rmv-mx4c-h2wv: Rejected reason: Not used | | Low | 19 days ago |
| GHSA-2rmv-cg3m-3gq6: Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19. | CVSS3: 5.4 | 0% (Low) | 10 months ago |
| GHSA-2rmv-3q59-r6g3: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. | CVSS3: 9.8 | 10% (Low) | about 1 year ago |
| GHSA-2rmr-xw8m-22q9: Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint | CVSS3: 6.1 | 1% (Low) | about 2 years ago |
| GHSA-2rmr-vqgp-f8jv: In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_read_block_bitmap_nowait ext4_read_bh_nowait submit_bh dm_submit_bio do_worker process_deferred_bios commit metadata_operation_failed dm_pool_abort_metadata down_write(&pmd->root_lock) - LOCK B __destroy_persistent_data_objects dm_block_manager_destroy dm_bufio_client_destroy unregister_shrinker ... | | 0% (Low) | 4 months ago |
| GHSA-2rmr-49w2-jxx7: Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details". | CVSS3: 7.5 | 2% (Low) | more than 2 years ago |
| GHSA-2rmr-23wf-5jvq: Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." | | 17% (Medium) | almost 4 years ago |
| GHSA-2rmq-m43q-chm7: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% (Low) | 12 months ago |
| GHSA-2rmq-hwgh-xq34: SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | | 0% (Low) | more than 3 years ago |
| GHSA-2rmp-vm63-x8jm: The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS3: 4.3 | 0% (Low) | almost 3 years ago |
| GHSA-2rmp-qgp4-wg66: A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | CVSS3: 6.3 | 0% (Low) | 3 months ago |
| GHSA-2rmp-fw5r-j5qv: Improper Authentication in InfluxDB | CVSS3: 9.8 | 94% (Critical) | more than 4 years ago |
| GHSA-2rmp-82h5-59gg: eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | | 1% (Low) | almost 4 years ago |