Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2jpv-hwfj-qgcx

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2jpv-7wj6-667v

больше 3 лет назад

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2jpv-5fxc-x33v

почти 4 года назад

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

EPSS: Высокий
github логотип

GHSA-2jpv-47cx-7mgq

больше 3 лет назад

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the libcommonprod.so binary.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2jpr-j4c2-5fwj

почти 4 года назад

SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.

EPSS: Низкий
github логотип

GHSA-2jpr-cg8h-wpp2

больше 3 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

CVSS3: 7.4
EPSS: Низкий
github логотип

GHSA-2jpq-vmqx-2452

больше 3 лет назад

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

EPSS: Низкий
github логотип

GHSA-2jpp-f2p3-hhw9

около 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through 0.5.5.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2jpm-mx7w-4vr7

больше 3 лет назад

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2jpm-8cqp-7q87

9 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-2jpm-827p-j44g

больше 5 лет назад

Stored XSS in TimelineJS3

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-2jpm-7mpv-5fjm

26 дней назад

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-2jpm-3fv2-55wf

больше 1 года назад

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-2jpm-37j9-vp2m

12 месяцев назад

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2jpj-jp34-f45f

больше 3 лет назад

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2jpj-hq7g-8gxv

почти 3 года назад

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2jph-wvx4-hmjh

больше 3 лет назад

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

EPSS: Низкий
github логотип

GHSA-2jph-rj29-p72m

больше 3 лет назад

Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2jph-pjp9-r9w7

больше 3 лет назад

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2jpg-9jfq-36cj

больше 2 лет назад

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

CVSS3: 6.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2jpv-hwfj-qgcx

Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpv-7wj6-667v

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpv-5fxc-x33v

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

85%
Высокий
почти 4 года назад
github логотип
GHSA-2jpv-47cx-7mgq

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the libcommonprod.so binary.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpr-j4c2-5fwj

SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2jpr-cg8h-wpp2

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

CVSS3: 7.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpq-vmqx-2452

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpp-f2p3-hhw9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through 0.5.5.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-2jpm-mx7w-4vr7

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpm-8cqp-7q87

Rejected reason: Not used

9 месяцев назад
github логотип
GHSA-2jpm-827p-j44g

Stored XSS in TimelineJS3

CVSS3: 7.2
1%
Низкий
больше 5 лет назад
github логотип
GHSA-2jpm-7mpv-5fjm

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

CVSS3: 8.4
0%
Низкий
26 дней назад
github логотип
GHSA-2jpm-3fv2-55wf

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.

CVSS3: 6.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-2jpm-37j9-vp2m

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

CVSS3: 7.3
0%
Низкий
12 месяцев назад
github логотип
GHSA-2jpj-jp34-f45f

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpj-hq7g-8gxv

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVSS3: 7.5
0%
Низкий
почти 3 года назад
github логотип
GHSA-2jph-wvx4-hmjh

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2jph-rj29-p72m

Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.

CVSS3: 7.5
3%
Низкий
больше 3 лет назад
github логотип
GHSA-2jph-pjp9-r9w7

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2jpg-9jfq-36cj

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу