unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:40 +0000 UTC Push: 2023-01-31 14:47:42 +0000 UTC
Live-Hack-CVE/CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:37 +0000 UTC Push: 2023-01-31 14:47:39 +0000 UTC
Live-Hack-CVE/CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:30 +0000 UTC Push: 2023-01-31 10:17:33 +0000 UTC
Live-Hack-CVE/CVE-2022-48175
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:27 +0000 UTC Push: 2023-01-31 10:17:29 +0000 UTC
Live-Hack-CVE/CVE-2022-32514
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0 CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:24 +0000 UTC Push: 2023-01-31 10:17:26 +0000 UTC
Live-Hack-CVE/CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the ne CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:19 +0000 UTC Push: 2023-01-31 10:17:22 +0000 UTC
Live-Hack-CVE/CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:15 +0000 UTC Push: 2023-01-31 10:17:18 +0000 UTC
Live-Hack-CVE/CVE-2022-32512
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1) CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:12 +0000 UTC Push: 2023-01-31 10:17:14 +0000 UTC
Live-Hack-CVE/CVE-2022-32529
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0. CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:08 +0000 UTC Push: 2023-01-31 10:17:11 +0000 UTC
Live-Hack-CVE/CVE-2022-32528
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:05 +0000 UTC Push: 2023-01-31 10:17:07 +0000 UTC
Live-Hack-CVE/CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:01 +0000 UTC Push: 2023-01-31 10:17:04 +0000 UTC
Live-Hack-CVE/CVE-2022-32527
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:58 +0000 UTC Push: 2023-01-31 10:17:00 +0000 UTC
Live-Hack-CVE/CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Pow CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:55 +0000 UTC Push: 2023-01-31 10:16:57 +0000 UTC
Live-Hack-CVE/CVE-2022-32526
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.221 CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:51 +0000 UTC Push: 2023-01-31 10:16:53 +0000 UTC
Live-Hack-CVE/CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Com CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:48 +0000 UTC Push: 2023-01-31 10:16:50 +0000 UTC
Live-Hack-CVE/CVE-2022-32525
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:44 +0000 UTC Push: 2023-01-31 10:16:47 +0000 UTC
Live-Hack-CVE/CVE-2022-32524
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0 CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:41 +0000 UTC Push: 2023-01-31 10:16:43 +0000 UTC
Live-Hack-CVE/CVE-2022-32522
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Version CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:37 +0000 UTC Push: 2023-01-31 10:16:40 +0000 UTC
Live-Hack-CVE/CVE-2022-32521
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:34 +0000 UTC Push: 2023-01-31 10:16:36 +0000 UTC
Live-Hack-CVE/CVE-2022-32520
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:31 +0000 UTC Push: 2023-01-31 10:16:31 +0000 UTC