Live-Hack-CVE/CVE-2023-24977 Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214 to solve it. CVE project by @Sn0wAlice Create: 2023-02-01 19:22:58 +0000 UTC Push: 2023-02-01 19:23:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0587 A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\Sa CVE project by @Sn0wAlice Create: 2023-02-01 15:03:10 +0000 UTC Push: 2023-02-01 15:03:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-4206 A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report CVE project by @Sn0wAlice Create: 2023-02-01 15:03:06 +0000 UTC Push: 2023-02-01 15:03:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0454 OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. CVE project by @Sn0wAlice Create: 2023-02-01 15:03:03 +0000 UTC Push: 2023-02-01 15:03:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-23846 Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately un CVE project by @Sn0wAlice Create: 2023-02-01 15:02:59 +0000 UTC Push: 2023-02-01 15:03:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-20856 VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:56 +0000 UTC Push: 2023-02-01 15:02:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0524 As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several d CVE project by @Sn0wAlice Create: 2023-02-01 15:02:52 +0000 UTC Push: 2023-02-01 15:02:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-42973 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monito CVE project by @Sn0wAlice Create: 2023-02-01 15:02:49 +0000 UTC Push: 2023-02-01 15:02:50 +0000 UTC |

Live-Hack-CVE/CVE-2021-22786 A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* a CVE project by @Sn0wAlice Create: 2023-02-01 15:02:45 +0000 UTC Push: 2023-02-01 15:02:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-0607 Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:41 +0000 UTC Push: 2023-02-01 15:02:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4062 A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) CVE project by @Sn0wAlice Create: 2023-02-01 15:02:37 +0000 UTC Push: 2023-02-01 15:02:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-42970 A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:33 +0000 UTC Push: 2023-02-01 15:02:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-2329 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.2 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:30 +0000 UTC Push: 2023-02-01 15:02:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-42971 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UP CVE project by @Sn0wAlice Create: 2023-02-01 15:02:25 +0000 UTC Push: 2023-02-01 15:02:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-42972 A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:22 +0000 UTC Push: 2023-02-01 15:02:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-24324 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) CVE project by @Sn0wAlice Create: 2023-02-01 15:02:18 +0000 UTC Push: 2023-02-01 15:02:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-45101 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:14 +0000 UTC Push: 2023-02-01 15:02:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-45097 Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:11 +0000 UTC Push: 2023-02-01 15:02:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-45096 Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:07 +0000 UTC Push: 2023-02-01 15:02:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-45095 Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data CVE project by @Sn0wAlice Create: 2023-02-01 15:02:04 +0000 UTC Push: 2023-02-01 15:02:06 +0000 UTC |