exploitDog

source:"github"

Count: 314 458

Vulnerability / CVSS / EPSS / Published

GHSA-2rp9-ffvm-xjc8

A vulnerability has been identified in LOGO!8 BM (All versions). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rp9-9cfh-qvmf

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rp8-hff9-c5wr

PaddlePaddle Path Traversal vulnerability

CVSS3: 9.1
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2rp8-9wwh-qcx6

Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.

EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-2rp7-66x7-f332

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-2rp7-34mp-c625

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS3: 9.8
EPSS: 1% (Low)
Published: 4 months ago

GHSA-2rp6-pc7c-f2rv

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVSS3: 7.5
EPSS: 8% (Low)
Published: more than 3 years ago

GHSA-2rp5-xcq9-p4w3

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-2rp4-hm5g-p38j

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rp3-f3rf-mfpr

The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rp2-rw4v-352c

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS3: 9.8
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rmx-8hf9-hm7v

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rmx-48m6-825j

Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2rmw-22w9-6gqv

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVSS3: 7.3
EPSS: 0% (Low)
Published: about 2 months ago

GHSA-2rmv-q4gp-w43q

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2rmv-pmj6-727m

Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS3: 4.9
EPSS: 0% (Low)
Published: 9 months ago

GHSA-2rmv-mx4c-h2wv

Rejected reason: Not used

Published: 19 days ago

GHSA-2rmv-cg3m-3gq6

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19.

CVSS3: 5.4
EPSS: 0% (Low)
Published: 10 months ago

GHSA-2rmv-3q59-r6g3

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.

CVSS3: 9.8
EPSS: 7% (Low)
Published: about 1 year ago

GHSA-2rmr-xw8m-22q9

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

CVSS3: 6.1
EPSS: 1% (Low)
Published: about 2 years ago