Live-Hack-CVE/CVE-2022-4720 Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice Create: 2023-01-05 23:53:46 +0000 UTC Push: 2023-01-05 23:53:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-4723 Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice Create: 2023-01-05 23:53:41 +0000 UTC Push: 2023-01-05 23:53:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-4722 Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice Create: 2023-01-05 23:53:36 +0000 UTC Push: 2023-01-05 23:53:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-4719 Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice Create: 2023-01-05 23:53:32 +0000 UTC Push: 2023-01-05 23:53:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-4721 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice Create: 2023-01-05 23:53:27 +0000 UTC Push: 2023-01-05 23:53:31 +0000 UTC |

Live-Hack-CVE/CVE-2021-4305 A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may b CVE project by @Sn0wAlice Create: 2023-01-05 21:43:22 +0000 UTC Push: 2023-01-05 21:43:25 +0000 UTC |

Live-Hack-CVE/CVE-2020-36641 A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. CVE project by @Sn0wAlice Create: 2023-01-05 21:43:16 +0000 UTC Push: 2023-01-05 21:43:20 +0000 UTC |

Live-Hack-CVE/CVE-2017-20162 A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the pu CVE project by @Sn0wAlice Create: 2023-01-05 21:43:12 +0000 UTC Push: 2023-01-05 21:43:15 +0000 UTC |

Live-Hack-CVE/CVE-2007-10001 A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 21:43:07 +0000 UTC Push: 2023-01-05 21:43:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-43532 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's bro CVE project by @Sn0wAlice Create: 2023-01-05 19:33:19 +0000 UTC Push: 2023-01-05 19:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-43529 A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to remain on the system wit CVE project by @Sn0wAlice Create: 2023-01-05 19:33:16 +0000 UTC Push: 2023-01-05 19:33:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-43522 Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify s CVE project by @Sn0wAlice Create: 2023-01-05 19:33:12 +0000 UTC Push: 2023-01-05 19:33:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-22371 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. CVE project by @Sn0wAlice Create: 2023-01-05 19:33:07 +0000 UTC Push: 2023-01-05 19:33:11 +0000 UTC |

Live-Hack-CVE/CVE-2021-25223 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-05 19:33:02 +0000 UTC Push: 2023-01-05 19:33:06 +0000 UTC |

Live-Hack-CVE/CVE-2021-25222 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:58 +0000 UTC Push: 2023-01-05 19:33:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-45857 An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:53 +0000 UTC Push: 2023-01-05 19:32:56 +0000 UTC |

Live-Hack-CVE/CVE-2019-25098 A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b CVE project by @Sn0wAlice Create: 2023-01-05 19:32:50 +0000 UTC Push: 2023-01-05 19:32:52 +0000 UTC |

Live-Hack-CVE/CVE-2019-25095 A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of CVE project by @Sn0wAlice Create: 2023-01-05 19:32:46 +0000 UTC Push: 2023-01-05 19:32:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-22626 PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) CVE project by @Sn0wAlice Create: 2023-01-05 19:32:41 +0000 UTC Push: 2023-01-05 19:32:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-47523 Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:37 +0000 UTC Push: 2023-01-05 19:32:40 +0000 UTC |