Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2h76-94rj-gp24

около 1 года назад

A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2h76-3pqm-pm8j

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still need to free the new one, otherwise it leaks.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2h75-rwg4-wvhq

больше 3 лет назад

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2h75-8m87-96fc

5 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2h74-xcwf-23j7

больше 3 лет назад

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.

EPSS: Низкий
github логотип

GHSA-2h74-w2gg-96g2

больше 3 лет назад

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2h73-vgw2-r579

больше 3 лет назад

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2h72-wjmg-q2hg

больше 2 лет назад

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2h72-2hx7-mmcq

больше 3 лет назад

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2h6x-rf29-p2gv

почти 4 года назад

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

EPSS: Средний
github логотип

GHSA-2h6x-3gq5-h875

почти 4 года назад

Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

EPSS: Низкий
github логотип

GHSA-2h6w-rcrp-4x6j

больше 3 лет назад

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

EPSS: Низкий
github логотип

GHSA-2h6w-r2g4-rxfc

2 месяца назад

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2h6w-pwfh-9mcf

почти 4 года назад

SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.

EPSS: Низкий
github логотип

GHSA-2h6v-4cpv-9pv7

больше 3 лет назад

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2h6v-37p4-8p5c

почти 4 года назад

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

EPSS: Низкий
github логотип

GHSA-2h6r-jw9f-853p

около 2 лет назад

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2h6r-fv94-m5cr

11 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-2h6r-fgmg-ppfq

4 месяца назад

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation - Springboard Extension: master.

EPSS: Низкий
github логотип

GHSA-2h6p-mjgc-6qrf

5 месяцев назад

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.

CVSS3: 5.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2h76-94rj-gp24

A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-2h76-3pqm-pm8j

In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still need to free the new one, otherwise it leaks.

CVSS3: 5.5
0%
Низкий
4 месяца назад
github логотип
GHSA-2h75-rwg4-wvhq

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2h75-8m87-96fc

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4.

CVSS3: 5.9
0%
Низкий
5 месяцев назад
github логотип
GHSA-2h74-xcwf-23j7

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h74-w2gg-96g2

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS3: 8.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-2h73-vgw2-r579

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2h72-wjmg-q2hg

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.

CVSS3: 5.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2h72-2hx7-mmcq

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h6x-rf29-p2gv

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

55%
Средний
почти 4 года назад
github логотип
GHSA-2h6x-3gq5-h875

Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2h6w-rcrp-4x6j

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h6w-r2g4-rxfc

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 6.3
0%
Низкий
2 месяца назад
github логотип
GHSA-2h6w-pwfh-9mcf

SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2h6v-4cpv-9pv7

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h6v-37p4-8p5c

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2h6r-jw9f-853p

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

CVSS3: 5.5
около 2 лет назад
github логотип
GHSA-2h6r-fv94-m5cr

Rejected reason: Not used

11 месяцев назад
github логотип
GHSA-2h6r-fgmg-ppfq

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation - Springboard Extension: master.

2%
Низкий
4 месяца назад
github логотип
GHSA-2h6p-mjgc-6qrf

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.

CVSS3: 5.5
0%
Низкий
5 месяцев назад

Уязвимостей на страницу