unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0174
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:55 +0000 UTC Push: 2023-02-14 23:15:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:52 +0000 UTC Push: 2023-02-14 23:15:54 +0000 UTC
Live-Hack-CVE/CVE-2023-0178
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:48 +0000 UTC Push: 2023-02-14 23:15:50 +0000 UTC
Live-Hack-CVE/CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:44 +0000 UTC Push: 2023-02-14 23:15:46 +0000 UTC
Live-Hack-CVE/CVE-2021-32936
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or exe CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:28 +0000 UTC Push: 2023-02-14 22:10:30 +0000 UTC
Live-Hack-CVE/CVE-2021-43391
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:22 +0000 UTC Push: 2023-02-14 22:10:24 +0000 UTC
Live-Hack-CVE/CVE-2021-43336
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an alloc CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:17 +0000 UTC Push: 2023-02-14 22:10:21 +0000 UTC
Live-Hack-CVE/CVE-2023-25065
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:58 +0000 UTC Push: 2023-02-14 22:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-24382
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:54 +0000 UTC Push: 2023-02-14 22:09:56 +0000 UTC
Live-Hack-CVE/CVE-2023-24377
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:50 +0000 UTC Push: 2023-02-14 22:09:53 +0000 UTC
Live-Hack-CVE/CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:46 +0000 UTC Push: 2023-02-14 22:09:49 +0000 UTC
Live-Hack-CVE/CVE-2023-25066
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:15 +0000 UTC Push: 2023-02-14 19:56:18 +0000 UTC
Live-Hack-CVE/CVE-2022-43469
Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:11 +0000 UTC Push: 2023-02-14 19:56:13 +0000 UTC
Live-Hack-CVE/CVE-2012-3287
Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:07 +0000 UTC Push: 2023-02-14 19:56:10 +0000 UTC
Live-Hack-CVE/CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the ven CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:03 +0000 UTC Push: 2023-02-14 19:56:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22375
** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vuln CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:50 +0000 UTC Push: 2023-02-14 14:27:53 +0000 UTC
Live-Hack-CVE/CVE-2023-22370
** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:47 +0000 UTC Push: 2023-02-14 14:27:49 +0000 UTC
Live-Hack-CVE/CVE-2023-0655
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:43 +0000 UTC Push: 2023-02-14 14:27:46 +0000 UTC
Live-Hack-CVE/CVE-2023-25614
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which le CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:40 +0000 UTC Push: 2023-02-14 14:27:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24530
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impa CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:37 +0000 UTC Push: 2023-02-14 14:27:39 +0000 UTC