Live-Hack-CVE/CVE-2023-24141 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:08 +0000 UTC Push: 2023-02-11 00:30:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-24142 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:04 +0000 UTC Push: 2023-02-11 00:30:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24144 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:00 +0000 UTC Push: 2023-02-11 00:30:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-24143 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:29:56 +0000 UTC Push: 2023-02-11 00:29:58 +0000 UTC |

dhina016/CVE-2022-47986 Create: 2023-02-10 21:16:42 +0000 UTC Push: 2023-02-10 21:17:09 +0000 UTC |

0xf4n9x/CVE-2023-0669 CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. Create: 2023-02-10 21:02:55 +0000 UTC Push: 2023-02-11 15:18:39 +0000 UTC |

PyterSmithDarkGhost/CVE-2023-24055-PoC-KeePass-2.5x- Create: 2023-02-10 20:04:29 +0000 UTC Push: 2023-02-10 20:04:29 +0000 UTC |

DickDock/CVE-2022-46166 CVE-2022-46166 靶场环境 Create: 2023-02-10 16:29:24 +0000 UTC Push: 2023-02-10 16:29:30 +0000 UTC |

houquanen/POC_CVE-2018-19518 Create: 2023-02-10 15:47:54 +0000 UTC Push: 2023-02-10 15:47:55 +0000 UTC |

UNICORDev/exploit-CVE-2022-25765 Exploit for CVE-2022–25765 (pdfkit) - Command Injection Create: 2023-02-10 08:50:35 +0000 UTC Push: 2023-02-24 10:29:15 +0000 UTC |

Live-Hack-CVE/CVE-2023-24689 An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx CVE project by @Sn0wAlice Create: 2023-02-10 05:53:40 +0000 UTC Push: 2023-02-10 05:53:43 +0000 UTC |

Live-Hack-CVE/CVE-2023-24688 An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:36 +0000 UTC Push: 2023-02-10 05:53:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-24687 Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:32 +0000 UTC Push: 2023-02-10 05:53:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24323 Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:28 +0000 UTC Push: 2023-02-10 05:53:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-24322 A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:25 +0000 UTC Push: 2023-02-10 05:53:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23912 A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote CVE project by @Sn0wAlice Create: 2023-02-10 05:53:22 +0000 UTC Push: 2023-02-10 05:53:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-22799 A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:18 +0000 UTC Push: 2023-02-10 05:53:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-22798 Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect inter CVE project by @Sn0wAlice Create: 2023-02-10 05:53:14 +0000 UTC Push: 2023-02-10 05:53:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-22797 An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefu CVE project by @Sn0wAlice Create: 2023-02-10 05:53:10 +0000 UTC Push: 2023-02-10 05:53:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-22796 A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible CVE project by @Sn0wAlice Create: 2023-02-10 05:53:06 +0000 UTC Push: 2023-02-10 05:53:09 +0000 UTC |