Live-Hack-CVE/CVE-2022-43976 An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:59 +0000 UTC Push: 2023-01-27 02:05:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-43977 An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:55 +0000 UTC Push: 2023-01-27 02:04:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-0296 The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grp CVE project by @Sn0wAlice Create: 2023-01-27 02:04:51 +0000 UTC Push: 2023-01-27 02:04:54 +0000 UTC |

Live-Hack-CVE/CVE-2014-2383 dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:46 +0000 UTC Push: 2023-01-27 02:04:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-48126 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:38 +0000 UTC Push: 2023-01-27 02:04:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-48122 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:34 +0000 UTC Push: 2023-01-27 02:04:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-48121 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:31 +0000 UTC Push: 2023-01-27 02:04:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-48125 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:27 +0000 UTC Push: 2023-01-27 02:04:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-48124 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:23 +0000 UTC Push: 2023-01-27 02:04:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-48123 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:19 +0000 UTC Push: 2023-01-27 02:04:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-48191 A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of pri CVE project by @Sn0wAlice Create: 2023-01-27 02:04:16 +0000 UTC Push: 2023-01-27 02:04:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-20964 A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interf CVE project by @Sn0wAlice Create: 2023-01-27 02:04:12 +0000 UTC Push: 2023-01-27 02:04:15 +0000 UTC |

Relativ3Pa1n/CVE-2014-2383-LFI-to-RCE-Escalation Create: 2023-01-27 02:01:50 +0000 UTC Push: 2023-01-27 02:01:50 +0000 UTC |

Relativ3Pa1n/CVE-2014-2383-Escalation-to-RCE Create: 2023-01-27 01:26:50 +0000 UTC Push: 2023-01-27 01:26:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-47917 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition. CVE project by @Sn0wAlice Create: 2023-01-26 23:55:11 +0000 UTC Push: 2023-01-26 23:55:13 +0000 UTC |

Live-Hack-CVE/CVE-2016-4223 Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. CVE project by @Sn0wAlice Create: 2023-01-26 23:55:07 +0000 UTC Push: 2023-01-26 23:55:09 +0000 UTC |

Live-Hack-CVE/CVE-2016-4224 Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225. CVE project by @Sn0wAlice Create: 2023-01-26 23:55:02 +0000 UTC Push: 2023-01-26 23:55:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-23521 Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing CVE project by @Sn0wAlice Create: 2023-01-26 23:54:58 +0000 UTC Push: 2023-01-26 23:55:01 +0000 UTC |

Live-Hack-CVE/CVE-2016-4225 Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224. CVE project by @Sn0wAlice Create: 2023-01-26 23:54:54 +0000 UTC Push: 2023-01-26 23:54:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-0396 A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. CVE project by @Sn0wAlice Create: 2023-01-26 23:54:51 +0000 UTC Push: 2023-01-26 23:54:53 +0000 UTC |