unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be tr CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:06 +0000 UTC Push: 2023-01-28 07:52:08 +0000 UTC
Live-Hack-CVE/CVE-2022-39812
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does no CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:03 +0000 UTC Push: 2023-01-28 07:52:05 +0000 UTC
Live-Hack-CVE/CVE-2022-39811
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without CVE project by @Sn0wAlice
Create: 2023-01-28 07:51:59 +0000 UTC Push: 2023-01-28 07:52:01 +0000 UTC
Live-Hack-CVE/CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:14 +0000 UTC Push: 2023-01-28 05:41:16 +0000 UTC
Live-Hack-CVE/CVE-2022-32952
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:10 +0000 UTC Push: 2023-01-28 05:41:13 +0000 UTC
Live-Hack-CVE/CVE-2022-32472
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:07 +0000 UTC Push: 2023-01-28 05:41:09 +0000 UTC
Live-Hack-CVE/CVE-2022-42400
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:03 +0000 UTC Push: 2023-01-28 05:41:06 +0000 UTC
Live-Hack-CVE/CVE-2022-42399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:00 +0000 UTC Push: 2023-01-28 05:41:02 +0000 UTC
Live-Hack-CVE/CVE-2022-42407
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:55 +0000 UTC Push: 2023-01-28 05:40:57 +0000 UTC
Live-Hack-CVE/CVE-2022-42406
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:50 +0000 UTC Push: 2023-01-28 05:40:53 +0000 UTC
Live-Hack-CVE/CVE-2022-42405
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:47 +0000 UTC Push: 2023-01-28 05:40:49 +0000 UTC
Live-Hack-CVE/CVE-2022-42403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:43 +0000 UTC Push: 2023-01-28 05:40:46 +0000 UTC
Live-Hack-CVE/CVE-2020-14073
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:38 +0000 UTC Push: 2023-01-28 05:40:41 +0000 UTC
Live-Hack-CVE/CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional sc CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:35 +0000 UTC Push: 2023-01-28 05:40:37 +0000 UTC
Live-Hack-CVE/CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:31 +0000 UTC Push: 2023-01-28 05:40:33 +0000 UTC
Live-Hack-CVE/CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:28 +0000 UTC Push: 2023-01-28 05:40:30 +0000 UTC
Live-Hack-CVE/CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:24 +0000 UTC Push: 2023-01-28 05:40:26 +0000 UTC
Live-Hack-CVE/CVE-2020-16207
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:20 +0000 UTC Push: 2023-01-28 05:40:22 +0000 UTC
Live-Hack-CVE/CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:16 +0000 UTC Push: 2023-01-28 05:40:18 +0000 UTC
Live-Hack-CVE/CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:12 +0000 UTC Push: 2023-01-28 05:40:15 +0000 UTC