Количество 312 573
Количество 312 573
GHSA-29mx-gmwr-vhpf
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
GHSA-29mx-8r38-hfxq
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
GHSA-29mx-4gvm-rgfp
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.
GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash
GHSA-29mw-f55p-xcww
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters via POST at the endpoint '/ofrs/admin/edit-team.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
GHSA-29mv-jj69-j88c
Rejected reason: Not used
GHSA-29mv-gccw-23pv
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
GHSA-29mr-mxx6-f3f5
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
GHSA-29mr-gr4c-vf9c
Magento 2 Community Edition XSS Vulnerability
GHSA-29mr-2jgg-289p
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
GHSA-29mq-gwwx-vg5f
Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-29mq-c452-8pvf
Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an authenticated user to cause the MFserver process to crash.
GHSA-29mq-6jwf-w4hx
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
GHSA-29mq-29c5-43rg
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
GHSA-29mp-vjf6-73c4
Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name.
GHSA-29mp-2hx5-9mm4
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
GHSA-29mm-w894-gvhw
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
GHSA-29mm-6j7g-rc29
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
GHSA-29mj-gxqm-6x8c
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
GHSA-29mh-w3r4-79cm
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-29mx-gmwr-vhpf Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." | 0% Низкий | больше 3 лет назад | ||
GHSA-29mx-8r38-hfxq ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад | |
GHSA-29mx-4gvm-rgfp Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад | |
GHSA-29mw-wpgm-hmr9 Regular Expression Denial of Service (ReDoS) in lodash | CVSS3: 5.3 | 0% Низкий | около 4 лет назад | |
GHSA-29mw-f55p-xcww Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters via POST at the endpoint '/ofrs/admin/edit-team.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details. | CVSS3: 5.4 | 0% Низкий | 5 месяцев назад | |
GHSA-29mv-jj69-j88c Rejected reason: Not used | около 1 месяца назад | |||
GHSA-29mv-gccw-23pv The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | CVSS3: 9.8 | 64% Средний | больше 3 лет назад | |
GHSA-29mr-mxx6-f3f5 SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2% Низкий | больше 3 лет назад | ||
GHSA-29mr-gr4c-vf9c Magento 2 Community Edition XSS Vulnerability | CVSS3: 4.8 | 2% Низкий | больше 3 лет назад | |
GHSA-29mr-2jgg-289p PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад | |
GHSA-29mq-gwwx-vg5f Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0% Низкий | почти 4 года назад | ||
GHSA-29mq-c452-8pvf Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an authenticated user to cause the MFserver process to crash. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад | |
GHSA-29mq-6jwf-w4hx Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | 3% Низкий | почти 4 года назад | ||
GHSA-29mq-29c5-43rg The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590. | 1% Низкий | больше 3 лет назад | ||
GHSA-29mp-vjf6-73c4 Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. | 5% Низкий | почти 4 года назад | ||
GHSA-29mp-2hx5-9mm4 Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. | 0% Низкий | больше 3 лет назад | ||
GHSA-29mm-w894-gvhw Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. | CVSS3: 6.5 | 2% Низкий | больше 3 лет назад | |
GHSA-29mm-6j7g-rc29 The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | CVSS3: 4.9 | 0% Низкий | 11 месяцев назад | |
GHSA-29mj-gxqm-6x8c ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. | 0% Низкий | почти 4 года назад | ||
GHSA-29mh-w3r4-79cm Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу