Live-Hack-CVE/CVE-2023-0561 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t CVE project by @Sn0wAlice Create: 2023-01-29 03:42:55 +0000 UTC Push: 2023-01-29 03:42:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0560 A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit h CVE project by @Sn0wAlice Create: 2023-01-29 03:42:52 +0000 UTC Push: 2023-01-29 03:42:54 +0000 UTC |

Live-Hack-CVE/CVE-2020-16093 In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. CVE project by @Sn0wAlice Create: 2023-01-29 03:42:48 +0000 UTC Push: 2023-01-29 03:42:51 +0000 UTC |

dpbe32/CVE-2022-23935-PoC-Exploit CVE-2022-23935 exploit PoC exiftool version 12.37 Create: 2023-01-29 02:04:05 +0000 UTC Push: 2023-01-29 02:04:06 +0000 UTC |

mauricelambert/LabAutomationCVE-2021-43798 This script implements a lab automation where I exploit CVE-2021-43798 to steal user secrets and then gain privileges on a Linux system. Create: 2023-01-28 19:12:22 +0000 UTC Push: 2023-01-28 19:12:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-24371 lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:43 +0000 UTC Push: 2023-01-28 14:35:45 +0000 UTC |

Live-Hack-CVE/CVE-2020-14947 OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:39 +0000 UTC Push: 2023-01-28 14:35:41 +0000 UTC |

Live-Hack-CVE/CVE-2019-11165 Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:35 +0000 UTC Push: 2023-01-28 14:35:38 +0000 UTC |

Live-Hack-CVE/CVE-2019-10695 When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:32 +0000 UTC Push: 2023-01-28 14:35:34 +0000 UTC |

Live-Hack-CVE/CVE-2019-19740 Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:28 +0000 UTC Push: 2023-01-28 14:35:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-23014 Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:25 +0000 UTC Push: 2023-01-28 14:35:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23010 Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:21 +0000 UTC Push: 2023-01-28 14:35:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-45748 An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:17 +0000 UTC Push: 2023-01-28 14:35:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-47012 Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:13 +0000 UTC Push: 2023-01-28 14:35:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-42410 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:35:10 +0000 UTC Push: 2023-01-28 14:35:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-42409 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Craf CVE project by @Sn0wAlice Create: 2023-01-28 14:35:06 +0000 UTC Push: 2023-01-28 14:35:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-47015 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:02 +0000 UTC Push: 2023-01-28 14:35:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-23012 Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. CVE project by @Sn0wAlice Create: 2023-01-28 14:34:59 +0000 UTC Push: 2023-01-28 14:35:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0101 A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. CVE project by @Sn0wAlice Create: 2023-01-28 14:34:54 +0000 UTC Push: 2023-01-28 14:34:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-42417 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:51 +0000 UTC Push: 2023-01-28 14:34:53 +0000 UTC |