unSafe.sh - Insecure
Live-Hack-CVE/CVE-2019-11728
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:34 +0000 UTC Push: 2023-01-31 23:33:37 +0000 UTC |
Live-Hack-CVE/CVE-2019-11718
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing potential access to other information available to the Activity Stream, such as browsing history, if the Snippet Service were compromised. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:31 +0000 UTC Push: 2023-01-31 23:33:33 +0000 UTC |
Live-Hack-CVE/CVE-2019-11724
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:27 +0000 UTC Push: 2023-01-31 23:33:29 +0000 UTC |
Live-Hack-CVE/CVE-2019-11723
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Fir CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:23 +0000 UTC Push: 2023-01-31 23:33:25 +0000 UTC |
Live-Hack-CVE/CVE-2019-11725
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted, but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects F CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:19 +0000 UTC Push: 2023-01-31 23:33:21 +0000 UTC |
Live-Hack-CVE/CVE-2018-11563
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:15 +0000 UTC Push: 2023-01-31 23:33:17 +0000 UTC |
Live-Hack-CVE/CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:11 +0000 UTC Push: 2023-01-31 23:33:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-4629
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:07 +0000 UTC Push: 2023-01-31 23:33:09 +0000 UTC |
Live-Hack-CVE/CVE-2019-0988
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:03 +0000 UTC Push: 2023-01-31 23:33:06 +0000 UTC |
Live-Hack-CVE/CVE-2019-2587
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vul CVE project by @Sn0wAlice
Create: 2023-01-31 23:32:59 +0000 UTC Push: 2023-01-31 23:33:02 +0000 UTC |
antunesmpedro/CVE-2018-6574
CVE-2018-6574 go get
Create: 2023-01-31 23:01:45 +0000 UTC Push: 2023-01-31 23:01:46 +0000 UTC |
Live-Hack-CVE/CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Version V2020 & prior), Modico CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:56 +0000 UTC Push: 2023-01-31 20:16:58 +0000 UTC |
Live-Hack-CVE/CVE-2023-22900
Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:52 +0000 UTC Push: 2023-01-31 20:16:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-39061
ChangingTech MegaServiSignAdapter component has an Out-of-bounds Read vulnerability due to insufficient validation of parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupt partial services. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:49 +0000 UTC Push: 2023-01-31 20:16:51 +0000 UTC |
Live-Hack-CVE/CVE-2022-39060
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate th CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:45 +0000 UTC Push: 2023-01-31 20:16:47 +0000 UTC |
Live-Hack-CVE/CVE-2022-39059
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:41 +0000 UTC Push: 2023-01-31 20:16:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-44645
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url shou CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:36 +0000 UTC Push: 2023-01-31 20:16:39 +0000 UTC |
Live-Hack-CVE/CVE-2023-24829
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbenc CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:33 +0000 UTC Push: 2023-01-31 20:16:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-0593
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:29 +0000 UTC Push: 2023-01-31 20:16:31 +0000 UTC |
Live-Hack-CVE/CVE-2023-0592
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:26 +0000 UTC Push: 2023-01-31 20:16:28 +0000 UTC |