Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2pjp-vx5j-vmpq

больше 3 лет назад

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

EPSS: Низкий
github логотип

GHSA-2pjp-h3gv-vwcc

больше 3 лет назад

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.

EPSS: Низкий
github логотип

GHSA-2pjp-4c9p-2rhv

больше 3 лет назад

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2pjm-p377-mw3c

почти 2 года назад

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

CVSS3: 8
EPSS: Низкий
github логотип

GHSA-2pjm-hwx3-g287

почти 2 года назад

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-2pjj-hxjr-qjx5

почти 2 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2pjh-55p2-pv3g

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

EPSS: Низкий
github логотип

GHSA-2pjg-xmcc-5m8v

больше 3 лет назад

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.

EPSS: Низкий
github логотип

GHSA-2pjg-x482-xwr4

9 месяцев назад

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2pjg-9fhw-m4p9

больше 3 лет назад

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pjf-gmmm-fv82

больше 3 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-2pjf-fjvv-2rf2

больше 3 лет назад

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2pj9-xmx5-6fv3

около 2 лет назад

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pj9-4qwj-hmxv

больше 3 лет назад

The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Низкий
github логотип

GHSA-2pj8-x98c-rm2q

около 4 лет назад

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pj8-r2jf-53pj

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 ...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2pj7-pfh7-3h56

больше 3 лет назад

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pj7-4m32-xvmq

больше 1 года назад

Windows MultiPoint Services Remote Code Execution Vulnerability

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2pj6-g889-m5jr

больше 3 лет назад

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pj6-5hqc-w5x9

почти 4 года назад

CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials

CVSS3: 4.2
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2pjp-vx5j-vmpq

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjp-h3gv-vwcc

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjp-4c9p-2rhv

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjm-p377-mw3c

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

CVSS3: 8
1%
Низкий
почти 2 года назад
github логотип
GHSA-2pjm-hwx3-g287

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.

CVSS3: 4.9
0%
Низкий
почти 2 года назад
github логотип
GHSA-2pjj-hxjr-qjx5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2.

CVSS3: 6.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-2pjh-55p2-pv3g

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjg-xmcc-5m8v

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjg-x482-xwr4

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

CVSS3: 6.5
1%
Низкий
9 месяцев назад
github логотип
GHSA-2pjg-9fhw-m4p9

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pjf-gmmm-fv82

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

CVSS3: 9.8
18%
Средний
больше 3 лет назад
github логотип
GHSA-2pjf-fjvv-2rf2

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2pj9-xmx5-6fv3

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

CVSS3: 7.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-2pj9-4qwj-hmxv

The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pj8-x98c-rm2q

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

CVSS3: 7.8
0%
Низкий
около 4 лет назад
github логотип
GHSA-2pj8-r2jf-53pj

In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 ...

CVSS3: 5.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-2pj7-pfh7-3h56

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pj7-4m32-xvmq

Windows MultiPoint Services Remote Code Execution Vulnerability

CVSS3: 8.8
4%
Низкий
больше 1 года назад
github логотип
GHSA-2pj6-g889-m5jr

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pj6-5hqc-w5x9

CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials

CVSS3: 4.2
0%
Низкий
почти 4 года назад

Уязвимостей на страницу