Live-Hack-CVE/CVE-2020-15620 This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly CVE project by @Sn0wAlice Create: 2023-01-25 03:50:40 +0000 UTC Push: 2023-01-25 03:50:42 +0000 UTC |

Live-Hack-CVE/CVE-2019-13359 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:35 +0000 UTC Push: 2023-01-25 03:50:38 +0000 UTC |

Live-Hack-CVE/CVE-2020-15422 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly val CVE project by @Sn0wAlice Create: 2023-01-25 03:50:32 +0000 UTC Push: 2023-01-25 03:50:34 +0000 UTC |

Live-Hack-CVE/CVE-2020-15429 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a us CVE project by @Sn0wAlice Create: 2023-01-25 03:50:28 +0000 UTC Push: 2023-01-25 03:50:30 +0000 UTC |

Live-Hack-CVE/CVE-2020-15612 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the process does not properly va CVE project by @Sn0wAlice Create: 2023-01-25 03:50:24 +0000 UTC Push: 2023-01-25 03:50:27 +0000 UTC |

Live-Hack-CVE/CVE-2019-15235 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an att CVE project by @Sn0wAlice Create: 2023-01-25 03:50:21 +0000 UTC Push: 2023-01-25 03:50:23 +0000 UTC |

Live-Hack-CVE/CVE-2018-18322 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:17 +0000 UTC Push: 2023-01-25 03:50:20 +0000 UTC |

Live-Hack-CVE/CVE-2018-5961 CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:13 +0000 UTC Push: 2023-01-25 03:50:15 +0000 UTC |

Live-Hack-CVE/CVE-2018-18772 CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:09 +0000 UTC Push: 2023-01-25 03:50:12 +0000 UTC |

Live-Hack-CVE/CVE-2019-7646 CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:05 +0000 UTC Push: 2023-01-25 03:50:08 +0000 UTC |

Live-Hack-CVE/CVE-2018-5962 index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. CVE project by @Sn0wAlice Create: 2023-01-25 03:50:02 +0000 UTC Push: 2023-01-25 03:50:04 +0000 UTC |

Live-Hack-CVE/CVE-2021-31324 The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. CVE project by @Sn0wAlice Create: 2023-01-25 03:49:58 +0000 UTC Push: 2023-01-25 03:50:00 +0000 UTC |

Live-Hack-CVE/CVE-2021-31316 The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. CVE project by @Sn0wAlice Create: 2023-01-25 03:49:55 +0000 UTC Push: 2023-01-25 03:49:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-22398 An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of t CVE project by @Sn0wAlice Create: 2023-01-25 03:49:48 +0000 UTC Push: 2023-01-25 03:49:50 +0000 UTC |

deetl/CVE-2023-24055 POC and Scanner for CVE-2023-24055 Create: 2023-01-25 03:19:23 +0000 UTC Push: 2023-01-25 03:19:23 +0000 UTC |

r3nt0n/CVE-2023-23488-PoC Unauthenticated SQL Injection - Paid Memberships Pro < 2.9.8 (WordPress Plugin) Create: 2023-01-25 02:26:10 +0000 UTC Push: 2023-01-25 02:26:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-0808 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. CVE project by @Sn0wAlice Create: 2023-01-25 01:40:35 +0000 UTC Push: 2023-01-25 01:40:38 +0000 UTC |

Live-Hack-CVE/CVE-2021-39027 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. CVE project by @Sn0wAlice Create: 2023-01-25 01:40:29 +0000 UTC Push: 2023-01-25 01:40:32 +0000 UTC |

Live-Hack-CVE/CVE-2009-3732 Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-25 01:40:25 +0000 UTC Push: 2023-01-25 01:40:27 +0000 UTC |

Live-Hack-CVE/CVE-2014-3394 The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. CVE project by @Sn0wAlice Create: 2023-01-25 01:40:21 +0000 UTC Push: 2023-01-25 01:40:23 +0000 UTC |