Live-Hack-CVE/CVE-2022-4902
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack re CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:13 +0000 UTC Push: 2023-02-15 03:39:15 +0000 UTC
Live-Hack-CVE/CVE-2023-23944
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:09 +0000 UTC Push: 2023-02-15 03:39:12 +0000 UTC
Live-Hack-CVE/CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:06 +0000 UTC Push: 2023-02-15 03:39:08 +0000 UTC
Live-Hack-CVE/CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier as CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:01 +0000 UTC Push: 2023-02-15 03:39:03 +0000 UTC
Live-Hack-CVE/CVE-2022-32656
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. CVE project by @Sn0wAlice
Create: 2023-02-15 03:38:57 +0000 UTC Push: 2023-02-15 03:39:00 +0000 UTC
Live-Hack-CVE/CVE-2022-42439
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. CVE project by @Sn0wAlice
Create: 2023-02-15 03:38:54 +0000 UTC Push: 2023-02-15 03:38:56 +0000 UTC
Live-Hack-CVE/CVE-2023-24161
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:34 +0000 UTC Push: 2023-02-15 02:33:36 +0000 UTC
Live-Hack-CVE/CVE-2023-24160
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:30 +0000 UTC Push: 2023-02-15 02:33:32 +0000 UTC
Live-Hack-CVE/CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:26 +0000 UTC Push: 2023-02-15 02:33:29 +0000 UTC
Live-Hack-CVE/CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:23 +0000 UTC Push: 2023-02-15 02:33:25 +0000 UTC
Live-Hack-CVE/CVE-2014-6195
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:17 +0000 UTC Push: 2023-02-15 02:33:19 +0000 UTC
Live-Hack-CVE/CVE-2020-4870
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:13 +0000 UTC Push: 2023-02-15 02:33:15 +0000 UTC
Live-Hack-CVE/CVE-2020-4675
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:09 +0000 UTC Push: 2023-02-15 02:33:11 +0000 UTC
Live-Hack-CVE/CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:05 +0000 UTC Push: 2023-02-15 02:33:07 +0000 UTC
Live-Hack-CVE/CVE-2021-29723
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:01 +0000 UTC Push: 2023-02-15 02:33:04 +0000 UTC
Live-Hack-CVE/CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. CVE project by @Sn0wAlice
Create: 2023-02-15 02:32:58 +0000 UTC Push: 2023-02-15 02:33:00 +0000 UTC
Live-Hack-CVE/CVE-2021-29841
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. CVE project by @Sn0wAlice
Create: 2023-02-15 02:32:54 +0000 UTC Push: 2023-02-15 02:32:56 +0000 UTC
Live-Hack-CVE/CVE-2023-25576
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of fi CVE project by @Sn0wAlice
Create: 2023-02-15 02:32:45 +0000 UTC Push: 2023-02-15 02:32:47 +0000 UTC
Live-Hack-CVE/CVE-2022-22564
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks, letting attackers obtain sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-15 02:32:41 +0000 UTC Push: 2023-02-15 02:32:43 +0000 UTC
Live-Hack-CVE/CVE-2021-46023
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. CVE project by @Sn0wAlice
Create: 2023-02-15 02:32:37 +0000 UTC Push: 2023-02-15 02:32:40 +0000 UTC