CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10031 – purpleparrots 491-Project Highscore update.php sql injection
https://notcve.org/view.php?id=CVE-2015-10031
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. • https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab https://vuldb.com/?ctiid.217648 https://vuldb.com/?id.217648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25084 – Hide Files on GitHub options.js addEventListener cross site scripting
https://notcve.org/view.php?id=CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. • https://github.com/sindresorhus/hide-files-on-github/commit/9de0c57df81db1178e0e79431d462f6d9842742e https://github.com/sindresorhus/hide-files-on-github/pull/73 https://github.com/sindresorhus/hide-files-on-github/releases/tag/3.0.0 https://vuldb.com/?ctiid.216767 https://vuldb.com/?id.216767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2022-46256 – Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages
https://notcve.org/view.php?id=CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de path traversal en GitHub Enterprise Server que permitía la ejecución remota de código al crear un sitio de GitHub Pages. • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12 https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9 https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5 https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23741 – Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
https://notcve.org/view.php?id=CVE-2022-23741
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitió que un token de usuario a servidor con alcance escalara a privilegios completos de administrador/propietario. • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12 https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9 https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46255 – Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE
https://notcve.org/view.php?id=CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido en GitHub Enterprise Server que permitía la ejecución remota de código. • https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •