Live-Hack-CVE/CVE-2019-15020 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:08 +0000 UTC Push: 2023-02-15 14:48:10 +0000 UTC |

Live-Hack-CVE/CVE-2019-15019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:04 +0000 UTC Push: 2023-02-15 14:48:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-15023 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:01 +0000 UTC Push: 2023-02-15 14:48:03 +0000 UTC |

Live-Hack-CVE/CVE-2019-15022 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:57 +0000 UTC Push: 2023-02-15 14:47:59 +0000 UTC |

Live-Hack-CVE/CVE-2019-1584 A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:53 +0000 UTC Push: 2023-02-15 14:47:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-20949 In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323 CVE project by @Sn0wAlice Create: 2023-02-15 14:47:48 +0000 UTC Push: 2023-02-15 14:47:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-20927 In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-24 CVE project by @Sn0wAlice Create: 2023-02-15 14:47:44 +0000 UTC Push: 2023-02-15 14:47:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-32953 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI r CVE project by @Sn0wAlice Create: 2023-02-15 14:47:41 +0000 UTC Push: 2023-02-15 14:47:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-32476 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI CVE project by @Sn0wAlice Create: 2023-02-15 14:47:37 +0000 UTC Push: 2023-02-15 14:47:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-32473 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACP CVE project by @Sn0wAlice Create: 2023-02-15 14:47:34 +0000 UTC Push: 2023-02-15 14:47:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-32470 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for t CVE project by @Sn0wAlice Create: 2023-02-15 14:47:30 +0000 UTC Push: 2023-02-15 14:47:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-25011 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:27 +0000 UTC Push: 2023-02-15 14:47:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:23 +0000 UTC Push: 2023-02-15 14:47:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-47372 Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:19 +0000 UTC Push: 2023-02-15 14:47:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-45437 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction an CVE project by @Sn0wAlice Create: 2023-02-15 14:47:16 +0000 UTC Push: 2023-02-15 14:47:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-45436 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit netwo CVE project by @Sn0wAlice Create: 2023-02-15 14:47:12 +0000 UTC Push: 2023-02-15 14:47:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-25978 All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:09 +0000 UTC Push: 2023-02-15 14:47:11 +0000 UTC |

Small-ears/CVE-2023-0297 poc Create: 2023-02-15 14:28:40 +0000 UTC Push: 2023-02-15 14:28:41 +0000 UTC |

bypazs/CVE-2023-26982 Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. Create: 2023-02-15 12:49:38 +0000 UTC Push: 2023-03-29 02:00:52 +0000 UTC |

Live-Hack-CVE/CVE-2023-23618 Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patc CVE project by @Sn0wAlice Create: 2023-02-15 10:18:05 +0000 UTC Push: 2023-02-15 10:18:07 +0000 UTC |