exploitDog

source:"github"

Count: 314 458

GHSA-2ghc-6v89-pw9j

more than 4 years ago

body-parser-xml vulnerable to Prototype Pollution

CVSS3: 7.6
EPSS: Low

GHSA-2gh9-j675-j2ff

more than 3 years ago

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

CVSS3: 6.1
EPSS: Low

GHSA-2gh9-f6jf-23hq

almost 2 years ago

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

CVSS3: 5.7
EPSS: Low

GHSA-2gh8-q6wj-fwpq

almost 4 years ago

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

EPSS: Low

GHSA-2gh8-prg6-5v63

more than 3 years ago

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.

EPSS: Low

GHSA-2gh8-gx83-42h9

more than 3 years ago

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

CVSS3: 9.8
EPSS: Low

GHSA-2gh8-gr6x-7q26

more than 3 years ago

SOAPpy vulnerable to XXE attacks

EPSS: Low

GHSA-2gh7-vr34-cxv5

almost 4 years ago

SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.

EPSS: Low

GHSA-2gh6-wc3m-g37f

more than 1 year ago

hermes-management is vulnerable to RCE due to Apache commons-jxpath

CVSS3: 9.8
EPSS: Low

GHSA-2gh6-8p4x-h863

almost 4 years ago

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.

CVSS3: 6.5
EPSS: Low

GHSA-2gh4-q9qq-fc54

about 2 years ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.

CVSS3: 7.1
EPSS: Low

GHSA-2gh3-rmm4-6rq5

11 months ago

Crash due to uncontrolled recursion in protobuf crate

EPSS: Low

GHSA-2gh3-6gpq-7rmj

almost 2 years ago

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21829.

CVSS3: 3.3
EPSS: Low

GHSA-2gh2-2xq4-xqwf

more than 3 years ago

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).

CVSS3: 8.8
EPSS: Medium

GHSA-2ggx-v668-h3cf

about 2 years ago

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device.

CVSS3: 4.8
EPSS: Low

GHSA-2ggx-jwwc-p8hr

more than 3 years ago

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.

CVSS3: 9.8
EPSS: Medium

GHSA-2ggw-rq7m-r35x

almost 4 years ago

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

CVSS3: 8.8
EPSS: Low

GHSA-2ggw-q935-g2j9

more than 3 years ago

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

EPSS: Medium

GHSA-2ggw-fmhw-m4pr

almost 2 years ago

A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068.

CVSS3: 6.3
EPSS: Low

GHSA-2ggw-8gmc-r2gq

more than 3 years ago

Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page

CVSS3: 6.1
EPSS: Low

Vulnerability
CVSS
EPSS
Published
GHSA-2ghc-6v89-pw9j

body-parser-xml vulnerable to Prototype Pollution

CVSS3: 7.6
0%
Low
more than 4 years ago
GHSA-2gh9-j675-j2ff

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

CVSS3: 6.1
0%
Low
more than 3 years ago
GHSA-2gh9-f6jf-23hq

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

CVSS3: 5.7
0%
Low
almost 2 years ago
GHSA-2gh8-q6wj-fwpq

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

0%
Low
almost 4 years ago
GHSA-2gh8-prg6-5v63

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.

0%
Low
more than 3 years ago
GHSA-2gh8-gx83-42h9

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

CVSS3: 9.8
1%
Low
more than 3 years ago
GHSA-2gh8-gr6x-7q26

SOAPpy vulnerable to XXE attacks

1%
Low
more than 3 years ago
GHSA-2gh7-vr34-cxv5

SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.

0%
Low
almost 4 years ago
GHSA-2gh6-wc3m-g37f

hermes-management is vulnerable to RCE due to Apache commons-jxpath

CVSS3: 9.8
more than 1 year ago
GHSA-2gh6-8p4x-h863

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.

CVSS3: 6.5
0%
Low
almost 4 years ago
GHSA-2gh4-q9qq-fc54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.

CVSS3: 7.1
0%
Low
about 2 years ago
GHSA-2gh3-rmm4-6rq5

Crash due to uncontrolled recursion in protobuf crate

0%
Low
11 months ago
GHSA-2gh3-6gpq-7rmj

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21829.

CVSS3: 3.3
0%
Low
almost 2 years ago
GHSA-2gh2-2xq4-xqwf

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).

CVSS3: 8.8
40%
Medium
more than 3 years ago
GHSA-2ggx-v668-h3cf

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device.

CVSS3: 4.8
0%
Low
about 2 years ago
GHSA-2ggx-jwwc-p8hr

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.

CVSS3: 9.8
12%
Medium
more than 3 years ago
GHSA-2ggw-rq7m-r35x

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

CVSS3: 8.8
8%
Low
almost 4 years ago
GHSA-2ggw-q935-g2j9

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

65%
Medium
more than 3 years ago
GHSA-2ggw-fmhw-m4pr

A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068.

CVSS3: 6.3
0%
Low
almost 2 years ago
GHSA-2ggw-8gmc-r2gq

Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page

CVSS3: 6.1
0%
Low
more than 3 years ago
