Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2v8j-4895-h2g9

почти 4 года назад

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

EPSS: Низкий
github логотип

GHSA-2v8h-q33q-c9qj

больше 3 лет назад

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.

EPSS: Низкий
github логотип

GHSA-2v8h-5826-r95p

30 дней назад

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2v8g-wh53-h2j5

больше 3 лет назад

PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.

EPSS: Низкий
github логотип

GHSA-2v8g-w9jx-fc2w

около 3 лет назад

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2v8g-6f63-fh97

почти 4 года назад

icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.

EPSS: Низкий
github логотип

GHSA-2v8g-3p29-cvrg

больше 3 лет назад

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

EPSS: Низкий
github логотип

GHSA-2v8f-3jfm-64p5

почти 4 года назад

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

EPSS: Низкий
github логотип

GHSA-2v89-xfcg-m2p4

5 месяцев назад

Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2v89-wpgr-r5vm

12 месяцев назад

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2v88-qq7x-xq5f

больше 4 лет назад

Improper Encoding or Escaping of Output in Asset Metadata Component

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-2v88-f22x-fw8j

больше 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

EPSS: Низкий
github логотип

GHSA-2v88-56v7-rphj

около 4 лет назад

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

EPSS: Средний
github логотип

GHSA-2v88-4p33-63hj

больше 2 лет назад

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2v87-869h-xp3x

около 3 лет назад

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2v86-4x6m-fpw5

больше 3 лет назад

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.

EPSS: Низкий
github логотип

GHSA-2v82-5746-vwqc

почти 4 года назад

XSS in doc_link

CVSS3: 7.5
EPSS: Высокий
github логотип

GHSA-2v7x-ww9h-6334

больше 3 лет назад

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2v7x-qx6r-x84p

почти 4 года назад

PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.

EPSS: Средний
github логотип

GHSA-2v7x-3r8r-xgw9

больше 2 лет назад

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2v8j-4895-h2g9

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2v8h-q33q-c9qj

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v8h-5826-r95p

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.

CVSS3: 6.5
0%
Низкий
30 дней назад
github логотип
GHSA-2v8g-wh53-h2j5

PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2v8g-w9jx-fc2w

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548

CVSS3: 5.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-2v8g-6f63-fh97

icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2v8g-3p29-cvrg

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

10%
Низкий
больше 3 лет назад
github логотип
GHSA-2v8f-3jfm-64p5

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v89-xfcg-m2p4

Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970.

CVSS3: 4.3
0%
Низкий
5 месяцев назад
github логотип
GHSA-2v89-wpgr-r5vm

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.

CVSS3: 6.4
0%
Низкий
12 месяцев назад
github логотип
GHSA-2v88-qq7x-xq5f

Improper Encoding or Escaping of Output in Asset Metadata Component

CVSS3: 8
0%
Низкий
больше 4 лет назад
github логотип
GHSA-2v88-f22x-fw8j

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2v88-56v7-rphj

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

11%
Средний
около 4 лет назад
github логотип
GHSA-2v88-4p33-63hj

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.

CVSS3: 7.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2v87-869h-xp3x

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.

CVSS3: 9.8
1%
Низкий
около 3 лет назад
github логотип
GHSA-2v86-4x6m-fpw5

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v82-5746-vwqc

XSS in doc_link

CVSS3: 7.5
70%
Высокий
почти 4 года назад
github логотип
GHSA-2v7x-ww9h-6334

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2v7x-qx6r-x84p

PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.

13%
Средний
почти 4 года назад
github логотип
GHSA-2v7x-3r8r-xgw9

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

CVSS3: 9.8
1%
Низкий
больше 2 лет назад

Уязвимостей на страницу