Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-29qj-rvv6-qrmv

больше 4 лет назад

Cross-site scripting in RESTEasy

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-29qh-xc29-vp82

больше 3 лет назад

Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-29qh-hx6x-v52x

8 месяцев назад

A vulnerability classified as critical was found in code-projects Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /messageexec.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-29qg-j923-rv8r

около 1 года назад

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-29qg-42xm-553c

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-29qf-rp4c-j9r3

больше 3 лет назад

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z.

CVSS3: 10
EPSS: Низкий
github логотип

GHSA-29qf-mcv8-6r89

почти 4 года назад

Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.

EPSS: Низкий
github логотип

GHSA-29qc-hqrg-8mpw

почти 4 года назад

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

EPSS: Низкий
github логотип

GHSA-29qc-f8cr-rmg5

почти 3 года назад

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

CVSS3: 8.7
EPSS: Низкий
github логотип

GHSA-29qc-7h9x-7mpw

почти 4 года назад

Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.

EPSS: Низкий
github логотип

GHSA-29q9-j4j7-vqf4

больше 3 лет назад

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-29q9-4h2h-9p7g

почти 4 года назад

Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.

EPSS: Низкий
github логотип

GHSA-29q8-r6j6-rcv6

10 месяцев назад

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-29q7-v5hv-33hm

больше 3 лет назад

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

EPSS: Средний
github логотип

GHSA-29q6-xr6f-w93f

больше 3 лет назад

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-29q6-p2cg-4v23

больше 3 лет назад

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-29q6-h2f3-x724

почти 2 года назад

Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-29q6-2h5v-5h96

больше 3 лет назад

SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: Низкий
github логотип

GHSA-29q4-jv6w-vrg6

больше 3 лет назад

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

EPSS: Низкий
github логотип

GHSA-29q4-gxjq-rx5c

почти 5 лет назад

Remote Code Execution in SCIMono

EPSS: Высокий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-29qj-rvv6-qrmv

Cross-site scripting in RESTEasy

CVSS3: 5.4
0%
Низкий
больше 4 лет назад
github логотип
GHSA-29qh-xc29-vp82

Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-29qh-hx6x-v52x

A vulnerability classified as critical was found in code-projects Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /messageexec.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Низкий
8 месяцев назад
github логотип
GHSA-29qg-j923-rv8r

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-29qg-42xm-553c

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too.

CVSS3: 7.1
0%
Низкий
8 месяцев назад
github логотип
GHSA-29qf-rp4c-j9r3

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z.

CVSS3: 10
1%
Низкий
больше 3 лет назад
github логотип
GHSA-29qf-mcv8-6r89

Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.

0%
Низкий
почти 4 года назад
github логотип
GHSA-29qc-hqrg-8mpw

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

1%
Низкий
почти 4 года назад
github логотип
GHSA-29qc-f8cr-rmg5

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

CVSS3: 8.7
0%
Низкий
почти 3 года назад
github логотип
GHSA-29qc-7h9x-7mpw

Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.

1%
Низкий
почти 4 года назад
github логотип
GHSA-29q9-j4j7-vqf4

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

CVSS3: 6.1
5%
Низкий
больше 3 лет назад
github логотип
GHSA-29q9-4h2h-9p7g

Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.

1%
Низкий
почти 4 года назад
github логотип
GHSA-29q8-r6j6-rcv6

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

CVSS3: 6.3
0%
Низкий
10 месяцев назад
github логотип
GHSA-29q7-v5hv-33hm

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

55%
Средний
больше 3 лет назад
github логотип
GHSA-29q6-xr6f-w93f

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-29q6-p2cg-4v23

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-29q6-h2f3-x724

Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-29q6-2h5v-5h96

SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-29q4-jv6w-vrg6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-29q4-gxjq-rx5c

Remote Code Execution in SCIMono

86%
Высокий
почти 5 лет назад

Уязвимостей на страницу