Live-Hack-CVE/CVE-2018-3899 An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return addre CVE project by @Sn0wAlice Create: 2023-02-02 14:21:48 +0000 UTC Push: 2023-02-02 14:21:50 +0000 UTC |

Live-Hack-CVE/CVE-2018-3898 An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return addre CVE project by @Sn0wAlice Create: 2023-02-02 14:21:44 +0000 UTC Push: 2023-02-02 14:21:47 +0000 UTC |

Live-Hack-CVE/CVE-2018-3891 An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:41 +0000 UTC Push: 2023-02-02 14:21:43 +0000 UTC |

Live-Hack-CVE/CVE-2018-3888 A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code executio CVE project by @Sn0wAlice Create: 2023-02-02 14:21:37 +0000 UTC Push: 2023-02-02 14:21:39 +0000 UTC |

Live-Hack-CVE/CVE-2018-3887 A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code executio CVE project by @Sn0wAlice Create: 2023-02-02 14:21:22 +0000 UTC Push: 2023-02-02 14:21:23 +0000 UTC |

Live-Hack-CVE/CVE-2018-3981 An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:18 +0000 UTC Push: 2023-02-02 14:21:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-19746 make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:15 +0000 UTC Push: 2023-02-02 14:21:17 +0000 UTC |

Live-Hack-CVE/CVE-2019-7004 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:11 +0000 UTC Push: 2023-02-02 14:21:13 +0000 UTC |

Live-Hack-CVE/CVE-2019-19649 Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:08 +0000 UTC Push: 2023-02-02 14:21:10 +0000 UTC |

Live-Hack-CVE/CVE-2018-1386 IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:04 +0000 UTC Push: 2023-02-02 14:21:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-19722 In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:01 +0000 UTC Push: 2023-02-02 14:21:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-25015 Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. CVE project by @Sn0wAlice Create: 2023-02-02 14:20:56 +0000 UTC Push: 2023-02-02 14:20:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0599 Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using CVE project by @Sn0wAlice Create: 2023-02-02 09:50:12 +0000 UTC Push: 2023-02-02 09:50:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-37034 In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. CVE project by @Sn0wAlice Create: 2023-02-02 09:50:09 +0000 UTC Push: 2023-02-02 09:50:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-25012 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. CVE project by @Sn0wAlice Create: 2023-02-02 09:50:01 +0000 UTC Push: 2023-02-02 09:50:04 +0000 UTC |

imbas007/Atlassian-Bitbucket-CVE-2022-36804 Create: 2023-02-02 09:37:37 +0000 UTC Push: 2023-02-02 09:37:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-3083 All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values. CVE project by @Sn0wAlice Create: 2023-02-02 07:40:04 +0000 UTC Push: 2023-02-02 07:40:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-31364 Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerabilit CVE project by @Sn0wAlice Create: 2023-02-02 07:40:01 +0000 UTC Push: 2023-02-02 07:40:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-31363 Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability t CVE project by @Sn0wAlice Create: 2023-02-02 07:39:57 +0000 UTC Push: 2023-02-02 07:39:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-30904 In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. CVE project by @Sn0wAlice Create: 2023-02-02 07:39:54 +0000 UTC Push: 2023-02-02 07:39:56 +0000 UTC |