Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2v6h-53v9-2vvc

больше 1 года назад

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2v6g-x4rx-qh6v

почти 4 года назад

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

EPSS: Низкий
github логотип

GHSA-2v6g-rp78-v38x

почти 4 года назад

DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2v6g-rfjx-x852

почти 4 года назад

Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.

EPSS: Низкий
github логотип

GHSA-2v6g-j89f-4p2g

почти 4 года назад

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

EPSS: Низкий
github логотип

GHSA-2v6g-667x-w6wm

8 месяцев назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2v6g-39cq-jv25

почти 4 года назад

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

EPSS: Низкий
github логотип

GHSA-2v6g-2mrq-5m3h

больше 3 лет назад

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020).

EPSS: Низкий
github логотип

GHSA-2v6f-x5hx-p44q

больше 3 лет назад

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

EPSS: Низкий
github логотип

GHSA-2v6f-8p47-f6x8

больше 3 лет назад

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

EPSS: Низкий
github логотип

GHSA-2v6f-3vqg-p9wc

почти 2 года назад

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2v6f-3frm-pf5m

почти 3 года назад

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-2v6c-8783-rmxx

почти 4 года назад

Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.

EPSS: Средний
github логотип

GHSA-2v6c-43r7-76p6

больше 3 лет назад

A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2v6c-27m4-v7m9

почти 4 года назад

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

EPSS: Низкий
github логотип

GHSA-2v69-cv79-6qfc

больше 3 лет назад

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2v69-c83c-r4mh

больше 3 лет назад

Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2v68-cx38-874x

больше 3 лет назад

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

EPSS: Низкий
github логотип

GHSA-2v65-hq48-rqrv

почти 4 года назад

evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability.

EPSS: Низкий
github логотип

GHSA-2v65-47pp-8xcp

почти 4 года назад

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2v6h-53v9-2vvc

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8.

CVSS3: 9.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-2v6g-x4rx-qh6v

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v6g-rp78-v38x

DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v6g-rfjx-x852

Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.

4%
Низкий
почти 4 года назад
github логотип
GHSA-2v6g-j89f-4p2g

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v6g-667x-w6wm

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.

CVSS3: 7.5
0%
Низкий
8 месяцев назад
github логотип
GHSA-2v6g-39cq-jv25

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v6g-2mrq-5m3h

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020).

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v6f-x5hx-p44q

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v6f-8p47-f6x8

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v6f-3vqg-p9wc

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS3: 7.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-2v6f-3frm-pf5m

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.

CVSS3: 4.9
0%
Низкий
почти 3 года назад
github логотип
GHSA-2v6c-8783-rmxx

Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.

29%
Средний
почти 4 года назад
github логотип
GHSA-2v6c-43r7-76p6

A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v6c-27m4-v7m9

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

5%
Низкий
почти 4 года назад
github логотип
GHSA-2v69-cv79-6qfc

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2v69-c83c-r4mh

Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

6%
Низкий
больше 3 лет назад
github логотип
GHSA-2v68-cx38-874x

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v65-hq48-rqrv

evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2v65-47pp-8xcp

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields.

0%
Низкий
почти 4 года назад

Уязвимостей на страницу