unSafe.sh - Not Safe
y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment
The vulnerable recurrence docker environment for CVE-2022-44268
Create: 2023-02-03 16:02:28 +0000 UTC Push: 2023-02-03 16:03:19 +0000 UTC
Live-Hack-CVE/CVE-2019-5447
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:59 +0000 UTC Push: 2023-02-03 14:38:01 +0000 UTC
Live-Hack-CVE/CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:54 +0000 UTC Push: 2023-02-03 14:37:57 +0000 UTC
Live-Hack-CVE/CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:50 +0000 UTC Push: 2023-02-03 14:37:53 +0000 UTC
Live-Hack-CVE/CVE-2020-14042
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under act CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:47 +0000 UTC Push: 2023-02-03 14:37:49 +0000 UTC
Live-Hack-CVE/CVE-2019-5454
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:43 +0000 UTC Push: 2023-02-03 14:37:46 +0000 UTC
Live-Hack-CVE/CVE-2020-10730
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This fl CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:40 +0000 UTC Push: 2023-02-03 14:37:42 +0000 UTC
Live-Hack-CVE/CVE-2020-7923
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:37 +0000 UTC Push: 2023-02-03 14:37:39 +0000 UTC
Live-Hack-CVE/CVE-2020-16845
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:33 +0000 UTC Push: 2023-02-03 14:37:35 +0000 UTC
Live-Hack-CVE/CVE-2020-7576
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the v CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:30 +0000 UTC Push: 2023-02-03 14:37:32 +0000 UTC
Live-Hack-CVE/CVE-2020-16251
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:26 +0000 UTC Push: 2023-02-03 14:37:28 +0000 UTC
Live-Hack-CVE/CVE-2018-3868
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:21 +0000 UTC Push: 2023-02-03 14:37:23 +0000 UTC
Live-Hack-CVE/CVE-2018-3876
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to expl CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:17 +0000 UTC Push: 2023-02-03 14:37:19 +0000 UTC
Live-Hack-CVE/CVE-2023-23120
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and byp CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:11 +0000 UTC Push: 2023-02-03 14:37:13 +0000 UTC
Live-Hack-CVE/CVE-2023-23119
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the c CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:07 +0000 UTC Push: 2023-02-03 14:37:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0124
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:03 +0000 UTC Push: 2023-02-03 14:37:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0123
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:00 +0000 UTC Push: 2023-02-03 14:37:02 +0000 UTC
Live-Hack-CVE/CVE-2022-4634
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-03 14:36:56 +0000 UTC Push: 2023-02-03 14:36:59 +0000 UTC
Live-Hack-CVE/CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL CVE project by @Sn0wAlice
Create: 2023-02-03 14:36:50 +0000 UTC Push: 2023-02-03 14:36:52 +0000 UTC
galoget/ResponsiveFilemanager-CVE-2022-46604
Responsive Filemanager v9.9.5 vulnerable to CVE-2022-46604.
Create: 2023-02-03 14:34:46 +0000 UTC Push: 2023-02-03 14:34:46 +0000 UTC