Live-Hack-CVE/CVE-2019-13223 A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:39 +0000 UTC Push: 2023-02-01 09:25:41 +0000 UTC |

Live-Hack-CVE/CVE-2019-13222 An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:36 +0000 UTC Push: 2023-02-01 09:25:38 +0000 UTC |

Live-Hack-CVE/CVE-2019-13219 A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:32 +0000 UTC Push: 2023-02-01 09:25:34 +0000 UTC |

Live-Hack-CVE/CVE-2019-13218 Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:28 +0000 UTC Push: 2023-02-01 09:25:31 +0000 UTC |

Live-Hack-CVE/CVE-2019-13220 Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:25 +0000 UTC Push: 2023-02-01 09:25:27 +0000 UTC |

Live-Hack-CVE/CVE-2018-16981 stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:21 +0000 UTC Push: 2023-02-01 09:25:24 +0000 UTC |

Live-Hack-CVE/CVE-2019-13217 A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:18 +0000 UTC Push: 2023-02-01 09:25:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-42715 An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:15 +0000 UTC Push: 2023-02-01 09:25:17 +0000 UTC |

Live-Hack-CVE/CVE-2021-28021 Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:11 +0000 UTC Push: 2023-02-01 09:25:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-28041 stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:07 +0000 UTC Push: 2023-02-01 09:25:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-28042 stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:04 +0000 UTC Push: 2023-02-01 09:25:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24956 Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:58 +0000 UTC Push: 2023-02-01 09:25:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-24241 Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:55 +0000 UTC Push: 2023-02-01 09:24:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-23924 Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary CVE project by @Sn0wAlice Create: 2023-02-01 09:24:52 +0000 UTC Push: 2023-02-01 09:24:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-0341 A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:48 +0000 UTC Push: 2023-02-01 09:24:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-48161 Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:44 +0000 UTC Push: 2023-02-01 09:24:47 +0000 UTC |

Halcy0nic/CVE-2022-44318 Proof of concept for CVE-2022-44318 Create: 2023-02-01 09:00:33 +0000 UTC Push: 2023-02-01 09:00:34 +0000 UTC |

Halcy0nic/CVE-2022-43343 Proof of concept for (CVE-2022-43343) Create: 2023-02-01 08:33:57 +0000 UTC Push: 2023-02-01 08:33:57 +0000 UTC |

Halcy0nic/CVE-2022-44311 Proof of concept for CVE-2022-44311 Create: 2023-02-01 07:53:39 +0000 UTC Push: 2023-02-01 07:53:40 +0000 UTC |

Live-Hack-CVE/CVE-2019-4308 IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:32 +0000 UTC Push: 2023-02-01 07:14:35 +0000 UTC |