Live-Hack-CVE/CVE-2019-4156 IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:56 +0000 UTC Push: 2023-02-04 06:06:58 +0000 UTC |

Live-Hack-CVE/CVE-2019-4157 IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:52 +0000 UTC Push: 2023-02-04 06:06:54 +0000 UTC |

Live-Hack-CVE/CVE-2019-4250 IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust CVE project by @Sn0wAlice Create: 2023-02-04 06:06:48 +0000 UTC Push: 2023-02-04 06:06:51 +0000 UTC |

Live-Hack-CVE/CVE-2019-4295 IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:45 +0000 UTC Push: 2023-02-04 06:06:47 +0000 UTC |

Live-Hack-CVE/CVE-2019-4269 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:41 +0000 UTC Push: 2023-02-04 06:06:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-4252 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:38 +0000 UTC Push: 2023-02-04 06:06:40 +0000 UTC |

Live-Hack-CVE/CVE-2019-4296 IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:34 +0000 UTC Push: 2023-02-04 06:06:36 +0000 UTC |

Live-Hack-CVE/CVE-2019-4140 IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:30 +0000 UTC Push: 2023-02-04 06:06:32 +0000 UTC |

Live-Hack-CVE/CVE-2019-4260 IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:26 +0000 UTC Push: 2023-02-04 06:06:28 +0000 UTC |

Live-Hack-CVE/CVE-2019-17342 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:22 +0000 UTC Push: 2023-02-04 06:06:24 +0000 UTC |

Live-Hack-CVE/CVE-2019-17350 An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:18 +0000 UTC Push: 2023-02-04 06:06:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-17341 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:14 +0000 UTC Push: 2023-02-04 06:06:16 +0000 UTC |

Live-Hack-CVE/CVE-2019-4263 IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:10 +0000 UTC Push: 2023-02-04 06:06:13 +0000 UTC |

Live-Hack-CVE/CVE-2019-4162 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:06 +0000 UTC Push: 2023-02-04 06:06:09 +0000 UTC |

Live-Hack-CVE/CVE-2019-4257 IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. CVE project by @Sn0wAlice Create: 2023-02-04 06:06:03 +0000 UTC Push: 2023-02-04 06:06:05 +0000 UTC |

Live-Hack-CVE/CVE-2019-4173 IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory an CVE project by @Sn0wAlice Create: 2023-02-04 06:05:59 +0000 UTC Push: 2023-02-04 06:06:01 +0000 UTC |

Live-Hack-CVE/CVE-2019-3612 Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. CVE project by @Sn0wAlice Create: 2023-02-04 06:05:55 +0000 UTC Push: 2023-02-04 06:05:58 +0000 UTC |

Live-Hack-CVE/CVE-2019-4166 IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be truste CVE project by @Sn0wAlice Create: 2023-02-04 06:05:51 +0000 UTC Push: 2023-02-04 06:05:54 +0000 UTC |

Live-Hack-CVE/CVE-2020-10963 FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. CVE project by @Sn0wAlice Create: 2023-02-04 06:05:47 +0000 UTC Push: 2023-02-04 06:05:50 +0000 UTC |

Live-Hack-CVE/CVE-2019-13748 Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE project by @Sn0wAlice Create: 2023-02-04 06:05:40 +0000 UTC Push: 2023-02-04 06:05:43 +0000 UTC |