Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2r68-xqjc-633p

почти 4 года назад

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

EPSS: Низкий
github логотип

GHSA-2r68-qm7v-72rg

больше 3 лет назад

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

EPSS: Низкий
github логотип

GHSA-2r68-q5wj-6hmg

почти 3 года назад

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2r68-mjqv-c389

больше 3 лет назад

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2r68-8x78-ffgh

больше 3 лет назад

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2r68-24rm-gcc8

больше 3 лет назад

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2r68-2276-r3qc

4 месяца назад

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2r67-r6rh-m6c2

почти 4 года назад

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366.

EPSS: Низкий
github логотип

GHSA-2r66-g66j-95vv

больше 3 лет назад

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

EPSS: Низкий
github логотип

GHSA-2r66-4gq8-p5c6

больше 3 лет назад

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2r65-q462-mppf

почти 4 года назад

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

EPSS: Низкий
github логотип

GHSA-2r65-4p7m-p4r7

больше 3 лет назад

Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

EPSS: Низкий
github логотип

GHSA-2r65-43vv-hg7r

почти 4 года назад

Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.

EPSS: Низкий
github логотип

GHSA-2r64-mj4p-q485

больше 1 года назад

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2r64-gf37-jjcf

около 3 лет назад

A vulnerability classified as problematic was found in vicamo NetworkManager. Affected by this vulnerability is the function nm_setting_vlan_add_priority_str/nm_utils_rsa_key_encrypt/nm_setting_vlan_add_priority_str. The manipulation leads to missing release of resource. The name of the patch is afb0e2c53c4c17dfdb89d63b39db5101cc864704. It is recommended to apply a patch to fix this issue. The identifier VDB-217513 was assigned to this vulnerability.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2r64-2qmr-9w43

больше 3 лет назад

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

EPSS: Низкий
github логотип

GHSA-2r63-v4pm-8j7g

больше 3 лет назад

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2r62-3h6c-3fgx

8 месяцев назад

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

CVSS3: 4.2
EPSS: Низкий
github логотип

GHSA-2r5x-wx43-5xm2

больше 3 лет назад

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2r5x-pjf9-75qm

4 месяца назад

Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

CVSS3: 4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2r68-xqjc-633p

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2r68-qm7v-72rg

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2r68-q5wj-6hmg

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

CVSS3: 8.8
0%
Низкий
почти 3 года назад
github логотип
GHSA-2r68-mjqv-c389

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2r68-8x78-ffgh

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2r68-24rm-gcc8

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

CVSS3: 9.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-2r68-2276-r3qc

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.

CVSS3: 6.5
0%
Низкий
4 месяца назад
github логотип
GHSA-2r67-r6rh-m6c2

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2r66-g66j-95vv

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2r66-4gq8-p5c6

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2r65-q462-mppf

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2r65-4p7m-p4r7

Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2r65-43vv-hg7r

Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2r64-mj4p-q485

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.

CVSS3: 9.8
4%
Низкий
больше 1 года назад
github логотип
GHSA-2r64-gf37-jjcf

A vulnerability classified as problematic was found in vicamo NetworkManager. Affected by this vulnerability is the function nm_setting_vlan_add_priority_str/nm_utils_rsa_key_encrypt/nm_setting_vlan_add_priority_str. The manipulation leads to missing release of resource. The name of the patch is afb0e2c53c4c17dfdb89d63b39db5101cc864704. It is recommended to apply a patch to fix this issue. The identifier VDB-217513 was assigned to this vulnerability.

CVSS3: 7.5
около 3 лет назад
github логотип
GHSA-2r64-2qmr-9w43

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2r63-v4pm-8j7g

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2r62-3h6c-3fgx

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

CVSS3: 4.2
0%
Низкий
8 месяцев назад
github логотип
GHSA-2r5x-wx43-5xm2

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2r5x-pjf9-75qm

Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

CVSS3: 4
0%
Низкий
4 месяца назад

Уязвимостей на страницу