Live-Hack-CVE/CVE-2022-48006 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. CVE project by @Sn0wAlice Create: 2023-01-31 08:05:12 +0000 UTC Push: 2023-01-31 08:05:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-40137 A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-31 08:05:08 +0000 UTC Push: 2023-01-31 08:05:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-40136 An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice Create: 2023-01-31 08:05:05 +0000 UTC Push: 2023-01-31 08:05:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-40135 An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice Create: 2023-01-31 08:05:01 +0000 UTC Push: 2023-01-31 08:05:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-40134 An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice Create: 2023-01-31 08:04:57 +0000 UTC Push: 2023-01-31 08:05:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-34885 An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-31 08:04:53 +0000 UTC Push: 2023-01-31 08:04:56 +0000 UTC |

julesbozouklian/PoC_CVE-2023-24055 Create: 2023-01-31 06:03:09 +0000 UTC Push: 2023-01-31 06:03:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-20043 A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete contro CVE project by @Sn0wAlice Create: 2023-01-31 05:54:53 +0000 UTC Push: 2023-01-31 05:54:55 +0000 UTC |

Live-Hack-CVE/CVE-2017-2781 An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate mu CVE project by @Sn0wAlice Create: 2023-01-31 05:54:49 +0000 UTC Push: 2023-01-31 05:54:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-4475 The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admi CVE project by @Sn0wAlice Create: 2023-01-31 05:54:45 +0000 UTC Push: 2023-01-31 05:54:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-4542 The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-01-31 05:54:41 +0000 UTC Push: 2023-01-31 05:54:44 +0000 UTC |

Live-Hack-CVE/CVE-2017-2786 A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. CVE project by @Sn0wAlice Create: 2023-01-31 05:54:38 +0000 UTC Push: 2023-01-31 05:54:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-4625 The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice Create: 2023-01-31 05:54:34 +0000 UTC Push: 2023-01-31 05:54:36 +0000 UTC |

Live-Hack-CVE/CVE-2016-8339 A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to CVE project by @Sn0wAlice Create: 2023-01-31 05:54:30 +0000 UTC Push: 2023-01-31 05:54:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-7588 A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All CVE project by @Sn0wAlice Create: 2023-01-31 05:54:27 +0000 UTC Push: 2023-01-31 05:54:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-7587 A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All CVE project by @Sn0wAlice Create: 2023-01-31 05:54:23 +0000 UTC Push: 2023-01-31 05:54:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-4650 The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-01-31 05:54:20 +0000 UTC Push: 2023-01-31 05:54:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-7581 A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Se CVE project by @Sn0wAlice Create: 2023-01-31 05:54:16 +0000 UTC Push: 2023-01-31 05:54:18 +0000 UTC |

Live-Hack-CVE/CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS part CVE project by @Sn0wAlice Create: 2023-01-31 05:54:12 +0000 UTC Push: 2023-01-31 05:54:15 +0000 UTC |

Live-Hack-CVE/CVE-2019-1458 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. CVE project by @Sn0wAlice Create: 2023-01-31 05:54:08 +0000 UTC Push: 2023-01-31 05:54:11 +0000 UTC |