unSafe.sh - Unsafe
0xf4n9x/CVE-2023-0669
CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Create: 2023-02-10 21:02:55 +0000 UTC Push: 2023-02-11 15:18:39 +0000 UTC
PyterSmithDarkGhost/CVE-2023-24055-PoC-KeePass-2.5x-
Create: 2023-02-10 20:04:29 +0000 UTC Push: 2023-02-10 20:04:29 +0000 UTC
DickDock/CVE-2022-46166
CVE-2022-46166 lab environment
Create: 2023-02-10 16:29:24 +0000 UTC Push: 2023-02-10 16:29:30 +0000 UTC
houquanen/POC_CVE-2018-19518
Create: 2023-02-10 15:47:54 +0000 UTC Push: 2023-02-10 15:47:55 +0000 UTC
UNICORDev/exploit-CVE-2022-25765
Exploit for CVE-2022-25765 (pdfkit) - Command Injection
Create: 2023-02-10 08:50:35 +0000 UTC Push: 2023-02-24 10:29:15 +0000 UTC
Live-Hack-CVE/CVE-2023-24689
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:40 +0000 UTC Push: 2023-02-10 05:53:43 +0000 UTC
Live-Hack-CVE/CVE-2023-24688
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:36 +0000 UTC Push: 2023-02-10 05:53:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24687
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:32 +0000 UTC Push: 2023-02-10 05:53:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24323
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:28 +0000 UTC Push: 2023-02-10 05:53:31 +0000 UTC
Live-Hack-CVE/CVE-2023-24322
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:25 +0000 UTC Push: 2023-02-10 05:53:27 +0000 UTC
Live-Hack-CVE/CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:22 +0000 UTC Push: 2023-02-10 05:53:24 +0000 UTC
Live-Hack-CVE/CVE-2023-22799
A ReDoS based DoS vulnerability in GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:18 +0000 UTC Push: 2023-02-10 05:53:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22798
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect inter CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:14 +0000 UTC Push: 2023-02-10 05:53:16 +0000 UTC
Live-Hack-CVE/CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefu CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:10 +0000 UTC Push: 2023-02-10 05:53:13 +0000 UTC
Live-Hack-CVE/CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:06 +0000 UTC Push: 2023-02-10 05:53:09 +0000 UTC
Live-Hack-CVE/CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the proces CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:03 +0000 UTC Push: 2023-02-10 05:53:05 +0000 UTC
Live-Hack-CVE/CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database wi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:59 +0000 UTC Push: 2023-02-10 05:53:01 +0000 UTC
Live-Hack-CVE/CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amou CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:55 +0000 UTC Push: 2023-02-10 05:52:57 +0000 UTC
Live-Hack-CVE/CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any a CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:51 +0000 UTC Push: 2023-02-10 05:52:54 +0000 UTC
Live-Hack-CVE/CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of servi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:48 +0000 UTC Push: 2023-02-10 05:52:50 +0000 UTC