Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2pcv-f3gh-xqxp

около 2 лет назад

Usedesk before 1.7.57 allows profile stored XSS.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2pcv-432j-j9cq

больше 1 года назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2pcr-qv6g-7hj9

больше 3 лет назад

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

EPSS: Низкий
github логотип

GHSA-2pcr-jc7h-5447

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute.

EPSS: Низкий
github логотип

GHSA-2pcq-w3mf-59w2

больше 3 лет назад

An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2pcq-ch2f-c629

почти 4 года назад

Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.

EPSS: Низкий
github логотип

GHSA-2pcq-6v3q-5737

почти 4 года назад

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

EPSS: Низкий
github логотип

GHSA-2pcp-x6vf-jx3m

больше 3 лет назад

Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2pcp-wj44-rx86

больше 3 лет назад

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

EPSS: Низкий
github логотип

GHSA-2pcp-v6xv-h7m7

почти 4 года назад

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

EPSS: Низкий
github логотип

GHSA-2pcm-v58v-gmvq

больше 3 лет назад

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

EPSS: Низкий
github логотип

GHSA-2pcm-2fph-6m5x

больше 3 лет назад

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."

EPSS: Средний
github логотип

GHSA-2pcj-jcpr-j6vr

больше 3 лет назад

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-2pcj-9cp4-247j

10 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff allows Reflected XSS. This issue affects UXsniff: from n/a through 1.2.4.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-2pcj-76hj-xqhm

больше 3 лет назад

CodeIgniter arbitrary code execution

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2pcg-v64r-g52w

больше 3 лет назад

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.

EPSS: Низкий
github логотип

GHSA-2pcg-p7wq-33j6

почти 4 года назад

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.

EPSS: Низкий
github логотип

GHSA-2pcg-cxf5-v3h3

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.

EPSS: Низкий
github логотип

GHSA-2pcg-35vc-fm72

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2pcf-g2rx-pqwj

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial set of constraints that I thought would cause this (I2C or SPI buses which call ->remove on ->shutdown) do not apply. But there is one more which applies here. If the DSA master itself is on a bus that calls ->remove from ->shutdown (like dpaa2-eth, which is on the fsl-mc bus), there is a device link between the switch and the DSA master, and device_links_unbind_consumers() will unbind the GSWIP switch driver on shutdown. So the same treatment must be applied to all DSA switc...

CVSS3: 5.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2pcv-f3gh-xqxp

Usedesk before 1.7.57 allows profile stored XSS.

CVSS3: 5.4
0%
Низкий
около 2 лет назад
github логотип
GHSA-2pcv-432j-j9cq

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVSS3: 6.5
1%
Низкий
больше 1 года назад
github логотип
GHSA-2pcr-qv6g-7hj9

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcr-jc7h-5447

** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2pcq-w3mf-59w2

An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcq-ch2f-c629

Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2pcq-6v3q-5737

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2pcp-x6vf-jx3m

Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcp-wj44-rx86

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

8%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcp-v6xv-h7m7

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2pcm-v58v-gmvq

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

5%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcm-2fph-6m5x

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."

14%
Средний
больше 3 лет назад
github логотип
GHSA-2pcj-jcpr-j6vr

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

CVSS3: 4.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcj-9cp4-247j

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff allows Reflected XSS. This issue affects UXsniff: from n/a through 1.2.4.

CVSS3: 7.1
0%
Низкий
10 месяцев назад
github логотип
GHSA-2pcj-76hj-xqhm

CodeIgniter arbitrary code execution

CVSS3: 9.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcg-v64r-g52w

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcg-p7wq-33j6

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2pcg-cxf5-v3h3

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2pcg-35vc-fm72

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2pcf-g2rx-pqwj

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial set of constraints that I thought would cause this (I2C or SPI buses which call ->remove on ->shutdown) do not apply. But there is one more which applies here. If the DSA master itself is on a bus that calls ->remove from ->shutdown (like dpaa2-eth, which is on the fsl-mc bus), there is a device link between the switch and the DSA master, and device_links_unbind_consumers() will unbind the GSWIP switch driver on shutdown. So the same treatment must be applied to all DSA switc...

CVSS3: 5.5
0%
Низкий
больше 1 года назад

Уязвимостей на страницу