unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-12077
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:39 +0000 UTC Push: 2023-02-10 01:29:41 +0000 UTC
Live-Hack-CVE/CVE-2020-12675
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:35 +0000 UTC Push: 2023-02-10 01:29:38 +0000 UTC
Live-Hack-CVE/CVE-2021-38291
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:32 +0000 UTC Push: 2023-02-10 01:29:34 +0000 UTC
Live-Hack-CVE/CVE-2023-23469
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:27 +0000 UTC Push: 2023-02-10 01:29:30 +0000 UTC
Live-Hack-CVE/CVE-2017-15699
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:22 +0000 UTC Push: 2023-02-10 01:29:25 +0000 UTC
Live-Hack-CVE/CVE-2017-5546
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a rando CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:17 +0000 UTC Push: 2023-02-10 01:29:19 +0000 UTC
Live-Hack-CVE/CVE-2017-12621
During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache C CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:13 +0000 UTC Push: 2023-02-10 01:29:15 +0000 UTC
Live-Hack-CVE/CVE-2022-46457
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:10 +0000 UTC Push: 2023-02-10 01:29:12 +0000 UTC
Live-Hack-CVE/CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:04 +0000 UTC Push: 2023-02-10 01:29:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. CVE project by @Sn0wAlice
Create: 2023-02-10 01:29:00 +0000 UTC Push: 2023-02-10 01:29:02 +0000 UTC
Live-Hack-CVE/CVE-2022-46552
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. CVE project by @Sn0wAlice
Create: 2023-02-10 01:28:54 +0000 UTC Push: 2023-02-10 01:28:57 +0000 UTC
Live-Hack-CVE/CVE-2023-25396
Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:36 +0000 UTC Push: 2023-02-09 23:15:38 +0000 UTC
Live-Hack-CVE/CVE-2023-25152
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:32 +0000 UTC Push: 2023-02-09 23:15:34 +0000 UTC
Live-Hack-CVE/CVE-2023-23475
IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:28 +0000 UTC Push: 2023-02-09 23:15:31 +0000 UTC
Live-Hack-CVE/CVE-2023-0690
HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being store CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:25 +0000 UTC Push: 2023-02-09 23:15:27 +0000 UTC
Live-Hack-CVE/CVE-2022-45755
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:20 +0000 UTC Push: 2023-02-09 23:15:23 +0000 UTC
Live-Hack-CVE/CVE-2022-45527
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:16 +0000 UTC Push: 2023-02-09 23:15:19 +0000 UTC
Live-Hack-CVE/CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:13 +0000 UTC Push: 2023-02-09 23:15:15 +0000 UTC
Live-Hack-CVE/CVE-2022-45526
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:09 +0000 UTC Push: 2023-02-09 23:15:11 +0000 UTC
Live-Hack-CVE/CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:05 +0000 UTC Push: 2023-02-09 23:15:08 +0000 UTC