Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2p69-65qq-262h

больше 3 лет назад

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2p68-f74v-9wc6

больше 5 лет назад

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

CVSS3: 9.8
EPSS: Критический
github логотип

GHSA-2p68-5cjx-px9g

больше 2 лет назад

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2p67-36h6-33v6

около 2 лет назад

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2p66-4rg2-ppg3

почти 4 года назад

Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2p66-4gvq-xrrq

почти 4 года назад

Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.

EPSS: Средний
github логотип

GHSA-2p66-2g75-qw5g

почти 2 года назад

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2p65-4wj7-rfxw

около 1 месяца назад

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.

EPSS: Низкий
github логотип

GHSA-2p64-mr93-v76g

почти 4 года назад

Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.

EPSS: Низкий
github логотип

GHSA-2p64-hc8v-gh2f

почти 4 года назад

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

EPSS: Низкий
github логотип

GHSA-2p63-m9x5-p5cm

больше 3 лет назад

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2p63-m843-cvx8

больше 3 лет назад

IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707.

EPSS: Низкий
github логотип

GHSA-2p62-w27q-9g83

больше 3 лет назад

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.

EPSS: Низкий
github логотип

GHSA-2p62-g69r-34gr

почти 2 года назад

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2p62-c4rm-mr72

больше 5 лет назад

Malicious Package in another-date-picker

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2p5x-6x62-jgxf

больше 3 лет назад

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2p5w-vr7w-w9xh

почти 4 года назад

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

EPSS: Высокий
github логотип

GHSA-2p5w-cvg5-gc5c

16 дней назад

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.

CVSS3: 8.3
EPSS: Низкий
github логотип

GHSA-2p5v-xc8c-c7f4

больше 3 лет назад

Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.

EPSS: Низкий
github логотип

GHSA-2p5v-p767-wqv5

около 2 месяцев назад

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVSS3: 6.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2p69-65qq-262h

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2p68-f74v-9wc6

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

CVSS3: 9.8
90%
Критический
больше 5 лет назад
github логотип
GHSA-2p68-5cjx-px9g

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.

CVSS3: 4.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2p67-36h6-33v6

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

CVSS3: 7.5
0%
Низкий
около 2 лет назад
github логотип
GHSA-2p66-4rg2-ppg3

Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2p66-4gvq-xrrq

Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.

53%
Средний
почти 4 года назад
github логотип
GHSA-2p66-2g75-qw5g

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.

CVSS3: 4.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-2p65-4wj7-rfxw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.

около 1 месяца назад
github логотип
GHSA-2p64-mr93-v76g

Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2p64-hc8v-gh2f

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

5%
Низкий
почти 4 года назад
github логотип
GHSA-2p63-m9x5-p5cm

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2p63-m843-cvx8

IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2p62-w27q-9g83

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2p62-g69r-34gr

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
почти 2 года назад
github логотип
GHSA-2p62-c4rm-mr72

Malicious Package in another-date-picker

CVSS3: 9.8
больше 5 лет назад
github логотип
GHSA-2p5x-6x62-jgxf

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2p5w-vr7w-w9xh

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

84%
Высокий
почти 4 года назад
github логотип
GHSA-2p5w-cvg5-gc5c

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.

CVSS3: 8.3
0%
Низкий
16 дней назад
github логотип
GHSA-2p5v-xc8c-c7f4

Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2p5v-p767-wqv5

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVSS3: 6.5
0%
Низкий
около 2 месяцев назад

Уязвимостей на страницу