Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2rjw-w4j8-gc92

5 месяцев назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.

CVSS3: 4.7
EPSS: Низкий
github логотип

GHSA-2rjw-5f3r-3xhq

около 2 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

EPSS: Низкий
github логотип

GHSA-2rjw-37q7-prrc

3 месяца назад

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2rjv-cv85-xhgm

6 месяцев назад

OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

CVSS3: 5.7
EPSS: Низкий
github логотип

GHSA-2rjr-rjm7-c6vp

больше 3 лет назад

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2rjp-vrf3-8qx8

почти 4 года назад

Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

EPSS: Низкий
github логотип

GHSA-2rjp-p5pm-j752

почти 4 года назад

Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.

EPSS: Средний
github логотип

GHSA-2rjp-9cc6-3v2j

больше 3 лет назад

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2rjm-ghp4-p47r

почти 4 года назад

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

EPSS: Низкий
github логотип

GHSA-2rjm-62m4-6mh5

почти 2 года назад

Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.

CVSS3: 7.5
EPSS: Средний
github логотип

GHSA-2rjm-34hh-q2g5

больше 3 лет назад

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2rjh-j2p6-q8p5

почти 2 года назад

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2rjg-8x42-r2x7

больше 3 лет назад

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2rjg-7xpp-w8w6

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.

EPSS: Низкий
github логотип

GHSA-2rjf-grmv-wrvv

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.

EPSS: Низкий
github логотип

GHSA-2rjf-9fvj-83c2

больше 3 лет назад

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

EPSS: Низкий
github логотип

GHSA-2rjf-47pg-4v46

больше 3 лет назад

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2rjc-h554-j93w

почти 3 года назад

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2rjc-3f9w-ghg6

больше 2 лет назад

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-2rj9-9w62-f3q6

около 3 лет назад

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2rjw-w4j8-gc92

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.

CVSS3: 4.7
0%
Низкий
5 месяцев назад
github логотип
GHSA-2rjw-5f3r-3xhq

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

около 2 лет назад
github логотип
GHSA-2rjw-37q7-prrc

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.

CVSS3: 8.8
0%
Низкий
3 месяца назад
github логотип
GHSA-2rjv-cv85-xhgm

OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

CVSS3: 5.7
6 месяцев назад
github логотип
GHSA-2rjr-rjm7-c6vp

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjp-vrf3-8qx8

Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2rjp-p5pm-j752

Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.

23%
Средний
почти 4 года назад
github логотип
GHSA-2rjp-9cc6-3v2j

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjm-ghp4-p47r

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

5%
Низкий
почти 4 года назад
github логотип
GHSA-2rjm-62m4-6mh5

Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.

CVSS3: 7.5
20%
Средний
почти 2 года назад
github логотип
GHSA-2rjm-34hh-q2g5

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.

CVSS3: 4.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjh-j2p6-q8p5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.

CVSS3: 7.5
1%
Низкий
почти 2 года назад
github логотип
GHSA-2rjg-8x42-r2x7

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjg-7xpp-w8w6

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2rjf-grmv-wrvv

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjf-9fvj-83c2

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

3%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjf-47pg-4v46

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.

CVSS3: 9.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2rjc-h554-j93w

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.

CVSS3: 9.8
4%
Низкий
почти 3 года назад
github логотип
GHSA-2rjc-3f9w-ghg6

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 

CVSS3: 7.2
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2rj9-9w62-f3q6

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

CVSS3: 8.8
1%
Низкий
около 3 лет назад

Уязвимостей на страницу