exploitDog
source:"github"
Count: 314 458

GHSA-2w97-hhmp-jmj9

about 3 years ago

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

CVSS3: 5.4
EPSS: Low (0%)

GHSA-2w97-78m3-mph6

9 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74.

CVSS3: 5.9
EPSS: Low (0%)

GHSA-2w96-x49m-vc2j

almost 4 years ago

Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.

EPSS: Low (0%)

GHSA-2w96-8922-g8xr

18 days ago

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.

CVSS3: 9.8
EPSS: Low (0%)

GHSA-2w96-264r-66qf

about 4 years ago

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.

EPSS: Low (4%)

GHSA-2w95-w2p8-6r8j

8 months ago

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.4.0.2.

CVSS3: 6.5
EPSS: Low (0%)

GHSA-2w95-7g9v-5582

11 months ago

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Low (0%)

GHSA-2w94-phv7-xjw4

almost 2 years ago

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2w94-97wx-8cvr

over 3 years ago

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.

CVSS3: 5.3
EPSS: Low (0%)

GHSA-2w93-qwpp-vgvj

2 months ago

trytond does not enforce access rights for data export.

CVSS3: 6.5
EPSS: Low (0%)

GHSA-2w93-9gpp-wf7v

over 3 years ago

SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.

EPSS: Low (3%)

GHSA-2w93-5qhr-rvc6

over 3 years ago

RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.

EPSS: Low (0%)

GHSA-2w93-2gh9-c8c2

over 3 years ago

A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.

CVSS3: 9.8
EPSS: Low (7%)

GHSA-2w93-2cv6-8w7c

over 3 years ago

The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.

CVSS3: 4.8
EPSS: Low (0%)

GHSA-2w92-jpj9-jcf2

about 4 years ago

In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194697257. References: N/A

EPSS: Low (0%)

GHSA-2w92-h6fh-j7gw

over 1 year ago

Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3.

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2w8x-pfh9-cp77

about 1 year ago

In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.

EPSS: Low (1%)

GHSA-2w8x-37m4-26px

over 3 years ago

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; ...

EPSS: Medium (18%)

GHSA-2w8w-qhg4-f78j

over 2 years ago

A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries.

CVSS3: 6.5
EPSS: Low

GHSA-2w8w-7v4c-mfg3

over 3 years ago

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.

CVSS3: 7.5
EPSS: Low (0%)
