exploitDog

source:"github"

Count: 312 573

Vulnerability
CVSS
EPSS
Published

GHSA-2mvc-557g-5638

pgAdmin is affected by a multi-factor authentication bypass vulnerability

CVSS3: 7.4
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2mvc-4cf2-7fwr

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo.

CVSS3: 3.3
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2mv9-hw87-r9p2

An issue was discovered in Veritas NetBackup before 7.7.2 and NetBackup Appliance before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2mv9-fr3x-rh65

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

EPSS: 4% (Low)
Published: more than 3 years ago

GHSA-2mv8-jjm5-f3hr

SQL injection in funadmin

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-2mv8-c3hx-xq6v

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

CVSS3: 9.8
EPSS: 0% (Low)
Published: 11 months ago

GHSA-2mv7-g8jg-j2fh

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30202, CVE-2022-30224.

CVSS3: 7.5
EPSS: 8% (Low)
Published: more than 3 years ago

GHSA-2mv6-v62f-5jpx

fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in the caf_info function in caf_reader.c.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2mv6-3455-75q3

A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: 0% (Low)
Published: 11 months ago

GHSA-2mv5-xfc5-j7j6

Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap allows Stored XSS. This issue affects WP Html Page Sitemap: from n/a through 2.2.

CVSS3: 7.1
EPSS: 0% (Low)
Published: 12 months ago

GHSA-2mv5-wvgc-cq3v

A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown function of the component RTSP Live Video Stream Endpoint. Such manipulation leads to improper authentication. The attack must be carried out from within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
EPSS: 0% (Low)
Published: about 2 months ago

GHSA-2mv5-hhjg-6pj4

Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS3: 9.8
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-2mv4-pxp2-cp34

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery. This issue affects Taxonomy filter: from n/a through 2.2.9.

CVSS3: 5.4
EPSS: 0% (Low)
Published: about 2 years ago

GHSA-2mv3-q87f-7j24

Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.

CVSS3: 6.1
EPSS: 0% (Low)
Published: about 3 years ago

GHSA-2mv3-mwwf-9mrv

A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739.

CVSS3: 6.1
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-2mv3-9m4h-pmr6

Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-2mv3-6453-384c

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

CVSS3: 9.8
EPSS: 18% (Medium)
Published: more than 3 years ago

GHSA-2mv3-3vpm-p5pm

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

EPSS: 59% (Medium)
Published: 7 months ago

GHSA-2mv2-frc6-w8q9

SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-2mrx-q835-w93g

In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0, the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago