unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2021-3643
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-05 02:00:43 +0000 UTC Push: 2023-02-05 02:00:45 +0000 UTC
Live-Hack-CVE/CVE-2023-0678
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. CVE project by @Sn0wAlice
Create: 2023-02-04 23:50:30 +0000 UTC Push: 2023-02-04 23:50:32 +0000 UTC
Live-Hack-CVE/CVE-2023-0677
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. CVE project by @Sn0wAlice
Create: 2023-02-04 23:50:27 +0000 UTC Push: 2023-02-04 23:50:29 +0000 UTC
Live-Hack-CVE/CVE-2023-0676
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. CVE project by @Sn0wAlice
Create: 2023-02-04 23:50:23 +0000 UTC Push: 2023-02-04 23:50:25 +0000 UTC
PyterSmithDarkGhost/CVE-2023-21608-EXPLOIT
Create: 2023-02-04 22:44:19 +0000 UTC Push: 2023-02-04 22:44:19 +0000 UTC
Live-Hack-CVE/CVE-2023-0663
A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:36 +0000 UTC Push: 2023-02-04 19:26:38 +0000 UTC
Live-Hack-CVE/CVE-2023-0675
A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The ident CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:33 +0000 UTC Push: 2023-02-04 19:26:35 +0000 UTC
Live-Hack-CVE/CVE-2023-0674
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been d CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:29 +0000 UTC Push: 2023-02-04 19:26:31 +0000 UTC
Live-Hack-CVE/CVE-2023-0673
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:26 +0000 UTC Push: 2023-02-04 19:26:28 +0000 UTC
Live-Hack-CVE/CVE-2019-25101
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.1 CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:23 +0000 UTC Push: 2023-02-04 19:26:25 +0000 UTC
Live-Hack-CVE/CVE-2018-25080
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:19 +0000 UTC Push: 2023-02-04 19:26:21 +0000 UTC
Baikuya/CVE-2022-44268-PoC
CVE-2022-44268 PoC
Create: 2023-02-04 18:50:20 +0000 UTC Push: 2023-02-04 18:50:21 +0000 UTC
Live-Hack-CVE/CVE-2021-39217
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. CVE project by @Sn0wAlice
Create: 2023-02-04 15:06:10 +0000 UTC Push: 2023-02-04 15:06:12 +0000 UTC
Live-Hack-CVE/CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. CVE project by @Sn0wAlice
Create: 2023-02-04 15:06:04 +0000 UTC Push: 2023-02-04 15:06:06 +0000 UTC
Live-Hack-CVE/CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:58 +0000 UTC Push: 2023-02-04 15:06:01 +0000 UTC
Live-Hack-CVE/CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:54 +0000 UTC Push: 2023-02-04 15:05:56 +0000 UTC
Live-Hack-CVE/CVE-2022-48010
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or We CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:51 +0000 UTC Push: 2023-02-04 15:05:53 +0000 UTC
Live-Hack-CVE/CVE-2023-24438
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:46 +0000 UTC Push: 2023-02-04 15:05:48 +0000 UTC
Live-Hack-CVE/CVE-2023-24429
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extracti CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:43 +0000 UTC Push: 2023-02-04 15:05:45 +0000 UTC
Live-Hack-CVE/CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:40 +0000 UTC Push: 2023-02-04 15:05:42 +0000 UTC