Live-Hack-CVE/CVE-2022-4878 A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b425 CVE project by @Sn0wAlice Create: 2023-01-06 19:40:41 +0000 UTC Push: 2023-01-06 19:40:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-45935 Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:36 +0000 UTC Push: 2023-01-06 19:40:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-45787 Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:33 +0000 UTC Push: 2023-01-06 19:40:35 +0000 UTC |

Live-Hack-CVE/CVE-2016-15011 A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:28 +0000 UTC Push: 2023-01-06 19:40:31 +0000 UTC |

Live-Hack-CVE/CVE-2015-10016 A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is CVE project by @Sn0wAlice Create: 2023-01-06 19:40:24 +0000 UTC Push: 2023-01-06 19:40:27 +0000 UTC |

Live-Hack-CVE/CVE-2014-125046 A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue CVE project by @Sn0wAlice Create: 2023-01-06 19:40:19 +0000 UTC Push: 2023-01-06 19:40:23 +0000 UTC |

Live-Hack-CVE/CVE-2020-36564 Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:26 +0000 UTC Push: 2023-01-06 14:14:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-36561 Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:22 +0000 UTC Push: 2023-01-06 14:14:24 +0000 UTC |

Live-Hack-CVE/CVE-2021-4235 Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:17 +0000 UTC Push: 2023-01-06 14:14:21 +0000 UTC |

Live-Hack-CVE/CVE-2020-36569 Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:13 +0000 UTC Push: 2023-01-06 14:14:16 +0000 UTC |

Live-Hack-CVE/CVE-2021-4239 The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the CVE project by @Sn0wAlice Create: 2023-01-06 14:14:09 +0000 UTC Push: 2023-01-06 14:14:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-46442 dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:05 +0000 UTC Push: 2023-01-06 14:14:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-4822 A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541 CVE project by @Sn0wAlice Create: 2023-01-06 14:13:59 +0000 UTC Push: 2023-01-06 14:14:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-4821 A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the CVE project by @Sn0wAlice Create: 2023-01-06 14:13:54 +0000 UTC Push: 2023-01-06 14:13:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4820 A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e67837 CVE project by @Sn0wAlice Create: 2023-01-06 14:13:51 +0000 UTC Push: 2023-01-06 14:13:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-4819 A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix t CVE project by @Sn0wAlice Create: 2023-01-06 14:13:47 +0000 UTC Push: 2023-01-06 14:13:49 +0000 UTC |

Live-Hack-CVE/CVE-2020-36636 A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation le CVE project by @Sn0wAlice Create: 2023-01-06 14:13:42 +0000 UTC Push: 2023-01-06 14:13:45 +0000 UTC |

Live-Hack-CVE/CVE-2021-4291 A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to versio CVE project by @Sn0wAlice Create: 2023-01-06 14:13:38 +0000 UTC Push: 2023-01-06 14:13:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-5521 Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:34 +0000 UTC Push: 2023-01-06 14:13:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-25923 Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:29 +0000 UTC Push: 2023-01-06 14:13:32 +0000 UTC |