unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-27507
Authenticated denial of service CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:18 +0000 UTC Push: 2023-02-02 05:28:20 +0000 UTC
Live-Hack-CVE/CVE-2022-27508
Unauthenticated denial of service CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:14 +0000 UTC Push: 2023-02-02 05:28:17 +0000 UTC
Live-Hack-CVE/CVE-2023-24165
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:10 +0000 UTC Push: 2023-02-02 05:28:13 +0000 UTC
Live-Hack-CVE/CVE-2023-24164
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:07 +0000 UTC Push: 2023-02-02 05:28:09 +0000 UTC
Live-Hack-CVE/CVE-2022-43864
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:03 +0000 UTC Push: 2023-02-02 05:28:05 +0000 UTC
Live-Hack-CVE/CVE-2022-40036
An issue was discovered in Rawchen blog-ssm v1.0 that allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:00 +0000 UTC Push: 2023-02-02 05:28:02 +0000 UTC
Live-Hack-CVE/CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:56 +0000 UTC Push: 2023-02-02 05:27:58 +0000 UTC
Live-Hack-CVE/CVE-2022-40035
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:52 +0000 UTC Push: 2023-02-02 05:27:55 +0000 UTC
Live-Hack-CVE/CVE-2022-41941
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6. CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:49 +0000 UTC Push: 2023-02-02 05:27:51 +0000 UTC
Live-Hack-CVE/CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allows unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessible by unauthenticated users. This issue CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:45 +0000 UTC Push: 2023-02-02 05:27:48 +0000 UTC
Live-Hack-CVE/CVE-2023-22724
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the li CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:42 +0000 UTC Push: 2023-02-02 05:27:44 +0000 UTC
Live-Hack-CVE/CVE-2023-22722
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate sess CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:39 +0000 UTC Push: 2023-02-02 05:27:41 +0000 UTC
Live-Hack-CVE/CVE-2023-22664
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:18 +0000 UTC Push: 2023-02-02 04:19:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22657
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:14 +0000 UTC Push: 2023-02-02 04:19:17 +0000 UTC
Live-Hack-CVE/CVE-2023-22422
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:11 +0000 UTC Push: 2023-02-02 04:19:13 +0000 UTC
Live-Hack-CVE/CVE-2023-22418
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirec CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:07 +0000 UTC Push: 2023-02-02 04:19:09 +0000 UTC
Live-Hack-CVE/CVE-2023-22374
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:03 +0000 UTC Push: 2023-02-02 04:19:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22358
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:00 +0000 UTC Push: 2023-02-02 04:19:02 +0000 UTC
Live-Hack-CVE/CVE-2023-22341
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization End CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:56 +0000 UTC Push: 2023-02-02 04:18:58 +0000 UTC
Live-Hack-CVE/CVE-2023-22340
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are n CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:52 +0000 UTC Push: 2023-02-02 04:18:54 +0000 UTC