exploitDog

source:"github"

Count: 312 573

GHSA-2qj2-pgj3-p43w

Published: 5 months ago

Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2qj2-g5q3-xw3g

Published: about 1 year ago

IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23971.

CVSS3: 7.8
EPSS: Low (1%)

GHSA-2qhx-q7cv-gh4c

Published: almost 4 years ago

Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.

EPSS: Low (0%)

GHSA-2qhx-74vh-w4cq

Published: more than 3 years ago

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information.

CVSS3: 5.3
EPSS: Low (0%)

GHSA-2qhw-v6v2-pp46

Published: more than 3 years ago

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

EPSS: Low (1%)

GHSA-2qhw-5384-m8g2

Published: more than 1 year ago

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2qhw-4vw3-x335

Published: 10 months ago

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function.

CVSS3: 7.6
EPSS: Low (0%)

GHSA-2qhv-j663-cr27

Published: more than 3 years ago

The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.

CVSS3: 8.8
EPSS: Low (0%)

GHSA-2qhr-g294-85mf

Published: about 1 year ago

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2qhr-9g3c-c9f6

Published: more than 3 years ago

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.

CVSS3: 6.5
EPSS: Low (0%)

GHSA-2qhq-j5fg-qqg8

Published: almost 2 years ago

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.

CVSS3: 6.3
EPSS: Low (0%)

GHSA-2qhq-fw98-h6wg

Published: more than 1 year ago

Magento Open Source Improper Access Control vulnerability

CVSS3: 4.3
EPSS: Low (0%)

GHSA-2qhq-8vjf-73j8

Published: almost 3 years ago

A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226097 was assigned to this vulnerability.

CVSS3: 8.8
EPSS: Low (0%)

GHSA-2qhq-448h-5333

Published: more than 1 year ago

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

CVSS3: 8.2
EPSS: Low (0%)

GHSA-2qhm-mh5c-2242

Published: 11 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SpatialMatch IDX allows Reflected XSS. This issue affects SpatialMatch IDX: from n/a through 3.0.9.

CVSS3: 7.1
EPSS: Low (0%)

GHSA-2qhm-m4wg-jvfv

Published: almost 4 years ago

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

EPSS: Low (0%)

GHSA-2qhm-4w63-5pph

Published: 7 months ago

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) V9.6 (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5...

CVSS3: 5.3
EPSS: Low (0%)

GHSA-2qhm-42jf-9593

Published: more than 3 years ago

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

EPSS: Low (0%)

GHSA-2qhm-365q-v39p

Published: more than 2 years ago

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

CVSS3: 6.1
EPSS: Low (0%)

GHSA-2qhj-xvhg-5rmf

Published: 10 months ago

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Low (0%)
