Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2cv7-m7r7-5xxj rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | | 0% Low | almost 4 years ago |
| GHSA-2cv7-399j-p9vv SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | | 1% Low | more than 3 years ago |
| GHSA-2cv6-6437-39p2 Cross-site Scripting in microweber | CVSS3: 4.8 | 0% Low | almost 4 years ago |
| GHSA-2cv6-5p72-5vx5 The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | | 1% Low | more than 3 years ago |
| GHSA-2cv6-4f2r-jq2c Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin | CVSS3: 5.6 | 0% Low | 11 months ago |
| GHSA-2cv5-qvq3-6276 TeamPass vulnerable to Improper Encoding or Escaping of Output | CVSS3: 7.6 | 0% Low | more than 2 years ago |
| GHSA-2cv5-5qgg-939j choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory. | | 1% Low | almost 4 years ago |
| GHSA-2cv4-7rxg-7hp8 Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message. | | 3% Low | almost 4 years ago |
| GHSA-2cv3-9jp8-rgg3 Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS3: 8.8 | 1% Low | more than 3 years ago |
| GHSA-2cv2-pmj7-qmcg Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). | CVSS3: 4.3 | 0% Low | 7 months ago |
| GHSA-2cv2-83wv-6whc An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | | 1% Low | more than 3 years ago |
| GHSA-2crw-vwxg-vxcx Simple Machines Forum (SMF) through 2.0.5 has XSS | | 0% Low | almost 4 years ago |
| GHSA-2crw-gg34-7j66 teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr. | | 0% Low | almost 4 years ago |
| GHSA-2crw-c3p5-4j2g In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-2crv-pj7h-4r9x In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | | 1% Low | more than 3 years ago |
| GHSA-2crr-5j3x-mqhx Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8. | CVSS3: 5.9 | 0% Low | 8 months ago |
| GHSA-2crr-37jg-749x Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | | 0% Low | more than 3 years ago |
| GHSA-2crq-wx4p-2m52 Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files. | | 1% Low | almost 4 years ago |
| GHSA-2crq-pm63-66xm Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | | 1% Low | more than 3 years ago |
| GHSA-2crq-h74r-554p A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132) | CVSS3: 7.8 | 0% Low | more than 2 years ago |