Live-Hack-CVE/CVE-2023-23073 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:41 +0000 UTC Push: 2023-02-09 03:21:44 +0000 UTC |

Live-Hack-CVE/CVE-2021-25296 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the N CVE project by @Sn0wAlice Create: 2023-02-09 03:21:38 +0000 UTC Push: 2023-02-09 03:21:40 +0000 UTC |

Live-Hack-CVE/CVE-2021-25297 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI CVE project by @Sn0wAlice Create: 2023-02-09 03:21:34 +0000 UTC Push: 2023-02-09 03:21:36 +0000 UTC |

Live-Hack-CVE/CVE-2021-25298 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagio CVE project by @Sn0wAlice Create: 2023-02-09 03:21:30 +0000 UTC Push: 2023-02-09 03:21:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-0003 A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:26 +0000 UTC Push: 2023-02-09 03:21:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0002 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:22 +0000 UTC Push: 2023-02-09 03:21:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0001 An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:18 +0000 UTC Push: 2023-02-09 03:21:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-23692 Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:12 +0000 UTC Push: 2023-02-09 03:21:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48094 lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:06 +0000 UTC Push: 2023-02-09 03:21:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-24997 Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to s CVE project by @Sn0wAlice Create: 2023-02-09 03:21:03 +0000 UTC Push: 2023-02-09 03:21:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-48093 Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. CVE project by @Sn0wAlice Create: 2023-02-09 03:20:59 +0000 UTC Push: 2023-02-09 03:21:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-24610 NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. CVE project by @Sn0wAlice Create: 2023-02-09 03:20:55 +0000 UTC Push: 2023-02-09 03:20:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-23132 Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. CVE project by @Sn0wAlice Create: 2023-02-09 03:20:49 +0000 UTC Push: 2023-02-09 03:20:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-45770 Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows attacker to gain local privileges escalation. CVE project by @Sn0wAlice Create: 2023-02-09 03:20:42 +0000 UTC Push: 2023-02-09 03:20:45 +0000 UTC |

Live-Hack-CVE/CVE-2023-0748 Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. CVE project by @Sn0wAlice Create: 2023-02-09 02:15:50 +0000 UTC Push: 2023-02-09 02:15:52 +0000 UTC |

Live-Hack-CVE/CVE-2023-22572 Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. CVE project by @Sn0wAlice Create: 2023-02-09 02:15:39 +0000 UTC Push: 2023-02-09 02:15:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-23135 An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. CVE project by @Sn0wAlice Create: 2023-02-09 02:15:26 +0000 UTC Push: 2023-02-09 02:15:28 +0000 UTC |

KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit Wordpress Multiple themes - Unauthenticated Arbitrary File Upload Create: 2023-02-09 01:37:09 +0000 UTC Push: 2023-02-09 09:46:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-0747 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. CVE project by @Sn0wAlice Create: 2023-02-09 00:01:48 +0000 UTC Push: 2023-02-09 00:01:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-41620 Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. CVE project by @Sn0wAlice Create: 2023-02-09 00:01:44 +0000 UTC Push: 2023-02-09 00:01:47 +0000 UTC |