unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2019-4080
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:27 +0000 UTC Push: 2023-02-04 03:53:30 +0000 UTC
agathanon/cve-2022-44268
Create: 2023-02-04 03:02:27 +0000 UTC Push: 2023-02-04 04:39:51 +0000 UTC
agathanon/cve-2023-44268
Create: 2023-02-04 02:24:45 +0000 UTC Push: 2023-02-04 02:55:16 +0000 UTC
Live-Hack-CVE/CVE-2023-24138
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. CVE project by @Sn0wAlice
Create: 2023-02-04 01:43:00 +0000 UTC Push: 2023-02-04 01:43:02 +0000 UTC
Live-Hack-CVE/CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:56 +0000 UTC Push: 2023-02-04 01:42:59 +0000 UTC
Live-Hack-CVE/CVE-2020-0305
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:53 +0000 UTC Push: 2023-02-04 01:42:55 +0000 UTC
Live-Hack-CVE/CVE-2020-16118
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:49 +0000 UTC Push: 2023-02-04 01:42:51 +0000 UTC
Live-Hack-CVE/CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:42 +0000 UTC Push: 2023-02-04 01:42:44 +0000 UTC
Live-Hack-CVE/CVE-2022-40998
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:38 +0000 UTC Push: 2023-02-04 01:42:40 +0000 UTC
Live-Hack-CVE/CVE-2020-10675
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:34 +0000 UTC Push: 2023-02-04 01:42:36 +0000 UTC
Live-Hack-CVE/CVE-2019-20485
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:29 +0000 UTC Push: 2023-02-04 01:42:32 +0000 UTC
Live-Hack-CVE/CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:23 +0000 UTC Push: 2023-02-04 01:42:25 +0000 UTC
Live-Hack-CVE/CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cle CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:19 +0000 UTC Push: 2023-02-04 01:42:22 +0000 UTC
Live-Hack-CVE/CVE-2020-1878
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some informat CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:15 +0000 UTC Push: 2023-02-04 01:42:17 +0000 UTC
Live-Hack-CVE/CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being u CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:34 +0000 UTC Push: 2023-02-03 23:30:36 +0000 UTC
Live-Hack-CVE/CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to c CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:28 +0000 UTC Push: 2023-02-03 23:30:31 +0000 UTC
Live-Hack-CVE/CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw to extract plaintext or in some cases downgrade any TLS conne CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:23 +0000 UTC Push: 2023-02-03 23:30:25 +0000 UTC
Live-Hack-CVE/CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CV CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:19 +0000 UTC Push: 2023-02-03 23:30:22 +0000 UTC
Live-Hack-CVE/CVE-2019-10163
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected b CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:15 +0000 UTC Push: 2023-02-03 23:30:18 +0000 UTC
Live-Hack-CVE/CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupp CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:11 +0000 UTC Push: 2023-02-03 23:30:13 +0000 UTC