unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2019-4309
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:04 +0000 UTC Push: 2023-02-04 09:29:07 +0000 UTC
Live-Hack-CVE/CVE-2019-3721
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:01 +0000 UTC Push: 2023-02-04 09:29:03 +0000 UTC
Live-Hack-CVE/CVE-2019-13725
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:57 +0000 UTC Push: 2023-02-04 09:29:00 +0000 UTC
Live-Hack-CVE/CVE-2019-18422
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing process CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:54 +0000 UTC Push: 2023-02-04 09:28:56 +0000 UTC
Live-Hack-CVE/CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:48 +0000 UTC Push: 2023-02-04 09:28:51 +0000 UTC
Live-Hack-CVE/CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:44 +0000 UTC Push: 2023-02-04 09:28:47 +0000 UTC
Live-Hack-CVE/CVE-2019-13754
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:41 +0000 UTC Push: 2023-02-04 09:28:43 +0000 UTC
Live-Hack-CVE/CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leake CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:37 +0000 UTC Push: 2023-02-04 09:28:39 +0000 UTC
Live-Hack-CVE/CVE-2019-13749
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:33 +0000 UTC Push: 2023-02-04 09:28:36 +0000 UTC
Live-Hack-CVE/CVE-2019-10440
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:30 +0000 UTC Push: 2023-02-04 09:28:32 +0000 UTC
Live-Hack-CVE/CVE-2019-10443
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:26 +0000 UTC Push: 2023-02-04 09:28:29 +0000 UTC
Live-Hack-CVE/CVE-2023-24806
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:23 +0000 UTC Push: 2023-02-04 09:28:25 +0000 UTC
Live-Hack-CVE/CVE-2013-10018
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the pat CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:19 +0000 UTC Push: 2023-02-04 09:28:22 +0000 UTC
Live-Hack-CVE/CVE-2013-10017
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a pa CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:16 +0000 UTC Push: 2023-02-04 09:28:18 +0000 UTC
Live-Hack-CVE/CVE-2022-28711
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:12 +0000 UTC Push: 2023-02-04 09:28:15 +0000 UTC
Live-Hack-CVE/CVE-2019-15015
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:09 +0000 UTC Push: 2023-02-04 09:28:11 +0000 UTC
Live-Hack-CVE/CVE-2019-15016
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:05 +0000 UTC Push: 2023-02-04 09:28:07 +0000 UTC
Live-Hack-CVE/CVE-2019-15017
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:02 +0000 UTC Push: 2023-02-04 09:28:04 +0000 UTC
Live-Hack-CVE/CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:33 +0000 UTC Push: 2023-02-04 08:21:35 +0000 UTC
Live-Hack-CVE/CVE-2019-16968
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:29 +0000 UTC Push: 2023-02-04 08:21:31 +0000 UTC