Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2f4r-6wjq-849q Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3. | CVSS3: 4.3 | 0% Low | 10 months ago |
| GHSA-2f4r-5cwh-8v4h Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. | | 1% Low | almost 4 years ago |
| GHSA-2f4r-34m4-3w8q Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions | CVSS3: 9.1 | | 9 months ago |
| GHSA-2f4q-xh8v-r37w A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 8.8 | 0% Low | 8 months ago |
| GHSA-2f4q-m35h-pw25 Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients." | | 13% Medium | almost 4 years ago |
| GHSA-2f4q-fp76-vh93 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482. | CVSS3: 8.8 | 1% Low | more than 3 years ago |
| GHSA-2f4q-74mc-vp6m RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | | 1% Low | more than 3 years ago |
| GHSA-2f4p-w49c-4q77 An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. | CVSS3: 7.5 | 0% Low | 3 months ago |
| GHSA-2f4p-m737-x9wf D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | CVSS3: 9.8 | 28% Medium | about 3 years ago |
| GHSA-2f4p-j5v8-cq58 The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplug_authors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% Low | 5 months ago |
| GHSA-2f4p-44cq-2pg5 The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors. | | 0% Low | almost 4 years ago |
| GHSA-2f4j-c232-x8x2 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | | | 12 months ago |
| GHSA-2f4j-64mc-h8m2 The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | CVSS3: 8.8 | 4% Low | more than 3 years ago |
| GHSA-2f4j-4fwc-f6fp An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution. | | 5% Low | more than 3 years ago |
| GHSA-2f4h-rvr5-mcmc Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-2f4g-8m4c-65fm The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-2f4g-6hfh-2v64 VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147. | CVSS3: 7.8 | 0% Low | about 2 months ago |
| GHSA-2f4f-h5m8-27v8 A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability. | CVSS3: 3.1 | 0% Low | more than 2 years ago |
| GHSA-2f4f-67fq-rw74 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | CVSS3: 8.8 | 1% Low | almost 3 years ago |
| GHSA-2f4c-8rp6-fh6q Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | CVSS3: 6.5 | 2% Low | more than 3 years ago |