exploitDog

source:"github"

Count: 312 573

Vulnerability, CVSS, EPSS, Published

GHSA-2fm9-5hwg-96ch

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /App_Resource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2fm8-cg34-48gj

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.

EPSS: 4% (Low)
Published: more than 3 years ago

GHSA-2fm8-4j83-qggv

Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.

EPSS: 48% (Medium)
Published: more than 3 years ago

GHSA-2fm6-qmmh-8rv2

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 2.4
EPSS: 0% (Low)
Published: 11 months ago

GHSA-2fm6-mv57-p2qh

Apache Dolphinscheduler Code Injection vulnerability

CVSS3: 9.8
EPSS: 4% (Low)
Published: more than 1 year ago

GHSA-2fm6-m998-phjq

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-2fm6-frjx-j4pv

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.

CVSS3: 7.8
EPSS: 23% (Medium)
Published: more than 3 years ago

GHSA-2fm5-x4wv-3p5g

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-2fm4-723x-jv9m

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.

CVSS3: 8.8
EPSS: 82% (High)
Published: almost 3 years ago

GHSA-2fm4-33w4-x4fw

CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2fm3-57pq-4jp3

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails.

CVSS3: 5.5
EPSS: 0% (Low)
Published: 4 months ago

GHSA-2fm3-2pmx-c3ff

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2fm2-p76r-3mv9

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

CVSS3: 9.8
EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-2fjx-98mq-mq2j

In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.

CVSS3: 8.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2fjx-93rg-p8fv

The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: 0% (Low)
Published: 6 months ago

GHSA-2fjx-8hxj-4456

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

CVSS3: 7.4
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2fjw-whxm-9v4q

libnftnl has Heap-based Buffer Overflow in nftnl::Batch::with_page_size (nftnl-rs)

EPSS: Low
Published: 2 months ago

GHSA-2fjv-ffr6-wh68

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 1 year ago

GHSA-2fjq-9whp-5fvh

Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

EPSS: 18% (Medium)
Published: almost 4 years ago

GHSA-2fjq-599h-52qf

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 3 years ago