unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-32519
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:27 +0000 UTC Push: 2023-01-31 10:16:29 +0000 UTC
Live-Hack-CVE/CVE-2022-32516
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:23 +0000 UTC Push: 2023-01-31 10:16:26 +0000 UTC
Live-Hack-CVE/CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:19 +0000 UTC Push: 2023-01-31 10:16:22 +0000 UTC
Live-Hack-CVE/CVE-2022-32513
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Version CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:16 +0000 UTC Push: 2023-01-31 10:16:18 +0000 UTC
Live-Hack-CVE/CVE-2022-26117
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:12 +0000 UTC Push: 2023-01-31 10:16:15 +0000 UTC
Live-Hack-CVE/CVE-2022-48176
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:09 +0000 UTC Push: 2023-01-31 10:16:11 +0000 UTC
Live-Hack-CVE/CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:05 +0000 UTC Push: 2023-01-31 10:16:07 +0000 UTC
Live-Hack-CVE/CVE-2022-4395
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:20 +0000 UTC Push: 2023-01-31 08:06:23 +0000 UTC
Live-Hack-CVE/CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:17 +0000 UTC Push: 2023-01-31 08:06:19 +0000 UTC
Live-Hack-CVE/CVE-2022-4306
The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:13 +0000 UTC Push: 2023-01-31 08:06:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4680
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:09 +0000 UTC Push: 2023-01-31 08:06:12 +0000 UTC
Live-Hack-CVE/CVE-2022-4671
The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:06 +0000 UTC Push: 2023-01-31 08:06:08 +0000 UTC
Live-Hack-CVE/CVE-2022-4831
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against h CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:01 +0000 UTC Push: 2023-01-31 08:06:05 +0000 UTC
Live-Hack-CVE/CVE-2022-4667
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:58 +0000 UTC Push: 2023-01-31 08:06:00 +0000 UTC
Live-Hack-CVE/CVE-2022-4793
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:54 +0000 UTC Push: 2023-01-31 08:05:56 +0000 UTC
Live-Hack-CVE/CVE-2022-4651
The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:50 +0000 UTC Push: 2023-01-31 08:05:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:47 +0000 UTC Push: 2023-01-31 08:05:49 +0000 UTC
Live-Hack-CVE/CVE-2022-4699
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admi CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:43 +0000 UTC Push: 2023-01-31 08:05:45 +0000 UTC
Live-Hack-CVE/CVE-2022-4472
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:38 +0000 UTC Push: 2023-01-31 08:05:42 +0000 UTC
Live-Hack-CVE/CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 do not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:35 +0000 UTC Push: 2023-01-31 08:05:37 +0000 UTC