unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-14967
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering mem CVE project by @Sn0wAlice
Create: 2023-01-28 10:02:57 +0000 UTC Push: 2023-01-28 10:02:59 +0000 UTC
Live-Hack-CVE/CVE-2020-17366
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from th CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:13 +0000 UTC Push: 2023-01-28 07:53:15 +0000 UTC
Live-Hack-CVE/CVE-2022-48107
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:09 +0000 UTC Push: 2023-01-28 07:53:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for admini CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:06 +0000 UTC Push: 2023-01-28 07:53:08 +0000 UTC
Live-Hack-CVE/CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can tri CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:02 +0000 UTC Push: 2023-01-28 07:53:04 +0000 UTC
Live-Hack-CVE/CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:59 +0000 UTC Push: 2023-01-28 07:53:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it poss CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:56 +0000 UTC Push: 2023-01-28 07:52:58 +0000 UTC
Live-Hack-CVE/CVE-2022-48108
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:52 +0000 UTC Push: 2023-01-28 07:52:54 +0000 UTC
Live-Hack-CVE/CVE-2022-39380
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affe CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:49 +0000 UTC Push: 2023-01-28 07:52:51 +0000 UTC
Live-Hack-CVE/CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:45 +0000 UTC Push: 2023-01-28 07:52:47 +0000 UTC
Live-Hack-CVE/CVE-2023-0558
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an insecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:41 +0000 UTC Push: 2023-01-28 07:52:43 +0000 UTC
Live-Hack-CVE/CVE-2023-0557
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:37 +0000 UTC Push: 2023-01-28 07:52:39 +0000 UTC
Live-Hack-CVE/CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's co CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:34 +0000 UTC Push: 2023-01-28 07:52:36 +0000 UTC
Live-Hack-CVE/CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:30 +0000 UTC Push: 2023-01-28 07:52:33 +0000 UTC
Live-Hack-CVE/CVE-2022-4205
In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:27 +0000 UTC Push: 2023-01-28 07:52:29 +0000 UTC
Live-Hack-CVE/CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:23 +0000 UTC Push: 2023-01-28 07:52:26 +0000 UTC
Live-Hack-CVE/CVE-2022-46968
A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:20 +0000 UTC Push: 2023-01-28 07:52:22 +0000 UTC
Live-Hack-CVE/CVE-2022-43980
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map and deliberately set its name to an XSS payload. Once created, if a user with admin privileges clicks on the edited network map, the XSS payload will be executed. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:17 +0000 UTC Push: 2023-01-28 07:52:19 +0000 UTC
Live-Hack-CVE/CVE-2022-43979
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to inclu CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:13 +0000 UTC Push: 2023-01-28 07:52:15 +0000 UTC
Live-Hack-CVE/CVE-2022-43978
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authenticati CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:10 +0000 UTC Push: 2023-01-28 07:52:12 +0000 UTC