unSafe.sh - Insecure
Halcy0nic/CVE-2022-41220
Proof of concept for CVE-2022-41220
Create: 2023-02-01 07:05:31 +0000 UTC Push: 2023-02-01 07:05:32 +0000 UTC
Halcy0nic/CVE-2022-34913
Proof of concept for CVE-2022-34913
Create: 2023-02-01 06:37:29 +0000 UTC Push: 2023-02-01 06:37:29 +0000 UTC
Live-Hack-CVE/CVE-2019-14322
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. CVE project by @Sn0wAlice
Create: 2023-02-01 06:08:08 +0000 UTC Push: 2023-02-01 06:08:11 +0000 UTC
Live-Hack-CVE/CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:57 +0000 UTC Push: 2023-02-01 06:08:00 +0000 UTC
Live-Hack-CVE/CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:53 +0000 UTC Push: 2023-02-01 06:07:56 +0000 UTC
Halcy0nic/CVE-2022-34556
Proof of concept for CVE-2022-34556
Create: 2023-02-01 06:07:50 +0000 UTC Push: 2023-02-01 06:07:51 +0000 UTC
Live-Hack-CVE/CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:50 +0000 UTC Push: 2023-02-01 06:07:52 +0000 UTC
Live-Hack-CVE/CVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:46 +0000 UTC Push: 2023-02-01 06:07:49 +0000 UTC
Live-Hack-CVE/CVE-2019-20387
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:43 +0000 UTC Push: 2023-02-01 06:07:45 +0000 UTC
Live-Hack-CVE/CVE-2018-3914
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily l CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:39 +0000 UTC Push: 2023-02-01 06:07:41 +0000 UTC
Live-Hack-CVE/CVE-2019-3691
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versio CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:34 +0000 UTC Push: 2023-02-01 06:07:37 +0000 UTC
Live-Hack-CVE/CVE-2019-19547
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access contr CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:30 +0000 UTC Push: 2023-02-01 06:07:33 +0000 UTC
Live-Hack-CVE/CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:27 +0000 UTC Push: 2023-02-01 06:07:29 +0000 UTC
Live-Hack-CVE/CVE-2019-17190
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cl CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:22 +0000 UTC Push: 2023-02-01 06:07:25 +0000 UTC
Live-Hack-CVE/CVE-2020-1767
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior ver CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:18 +0000 UTC Push: 2023-02-01 06:07:21 +0000 UTC
Live-Hack-CVE/CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:15 +0000 UTC Push: 2023-02-01 06:07:17 +0000 UTC
Live-Hack-CVE/CVE-2020-7108
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:11 +0000 UTC Push: 2023-02-01 06:07:13 +0000 UTC
Live-Hack-CVE/CVE-2020-7105
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:07 +0000 UTC Push: 2023-02-01 06:07:10 +0000 UTC
Halcy0nic/CVE-2022-36234
Create: 2023-02-01 04:59:35 +0000 UTC Push: 2023-02-01 04:59:35 +0000 UTC
Live-Hack-CVE/CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorizati CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:26 +0000 UTC Push: 2023-02-01 03:58:28 +0000 UTC