Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2v57-j3fp-jgmq

около 2 месяцев назад

A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2v57-2gwr-vg5h

около 1 года назад

Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2v56-g578-78g2

11 месяцев назад

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

CVSS3: 2
EPSS: Низкий
github логотип

GHSA-2v55-vg7h-j5hp

больше 3 лет назад

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-2v55-qcx6-c482

больше 3 лет назад

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2v55-9vh6-3j74

11 месяцев назад

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2v54-826h-vcwq

почти 4 года назад

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."

EPSS: Средний
github логотип

GHSA-2v54-2cxh-57c7

больше 2 лет назад

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2v53-xxqh-55cg

почти 4 года назад

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

EPSS: Низкий
github логотип

GHSA-2v52-33cv-3wm5

больше 3 лет назад

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2v4x-gmpc-mp5m

больше 3 лет назад

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2v4w-wv8c-jp4f

больше 3 лет назад

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-2v4w-5pmr-f8w7

больше 3 лет назад

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."

EPSS: Низкий
github логотип

GHSA-2v4v-8555-8jp6

больше 3 лет назад

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

CVSS3: 9.8
EPSS: Высокий
github логотип

GHSA-2v4v-84h9-hhvr

больше 3 лет назад

YzmCMS v5.2 has admin/role/add.html CSRF.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2v4r-w4rj-qv25

больше 3 лет назад

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2v4r-jr99-4q4h

больше 3 лет назад

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-2v4r-7m2m-5chh

больше 3 лет назад

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.

CVSS3: 7.5
EPSS: Высокий
github логотип

GHSA-2v4q-7r62-3cvj

почти 4 года назад

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-2v4m-jrfw-pm9p

больше 3 лет назад

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2v57-j3fp-jgmq

A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS3: 7.3
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-2v57-2gwr-vg5h

Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.

CVSS3: 6.1
0%
Низкий
около 1 года назад
github логотип
GHSA-2v56-g578-78g2

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

CVSS3: 2
0%
Низкий
11 месяцев назад
github логотип
GHSA-2v55-vg7h-j5hp

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v55-qcx6-c482

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v55-9vh6-3j74

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 9.8
1%
Низкий
11 месяцев назад
github логотип
GHSA-2v54-826h-vcwq

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."

61%
Средний
почти 4 года назад
github логотип
GHSA-2v54-2cxh-57c7

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.

CVSS3: 7.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2v53-xxqh-55cg

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

6%
Низкий
почти 4 года назад
github логотип
GHSA-2v52-33cv-3wm5

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4x-gmpc-mp5m

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4w-wv8c-jp4f

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks.

CVSS3: 6.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4w-5pmr-f8w7

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4v-8555-8jp6

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

CVSS3: 9.8
75%
Высокий
больше 3 лет назад
github логотип
GHSA-2v4v-84h9-hhvr

YzmCMS v5.2 has admin/role/add.html CSRF.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4r-w4rj-qv25

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4r-jr99-4q4h

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.

CVSS3: 4.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2v4r-7m2m-5chh

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.

CVSS3: 7.5
89%
Высокий
больше 3 лет назад
github логотип
GHSA-2v4q-7r62-3cvj

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS3: 4.9
1%
Низкий
почти 4 года назад
github логотип
GHSA-2v4m-jrfw-pm9p

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

CVSS3: 9.8
4%
Низкий
больше 3 лет назад

Уязвимостей на страницу