Live-Hack-CVE/CVE-2019-25097 A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888 CVE project by @Sn0wAlice Create: 2023-01-05 19:32:33 +0000 UTC Push: 2023-01-05 19:32:35 +0000 UTC |

Live-Hack-CVE/CVE-2019-25096 A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the pat CVE project by @Sn0wAlice Create: 2023-01-05 19:32:28 +0000 UTC Push: 2023-01-05 19:32:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-4869 A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated rem CVE project by @Sn0wAlice Create: 2023-01-05 19:32:23 +0000 UTC Push: 2023-01-05 19:32:27 +0000 UTC |

Live-Hack-CVE/CVE-2021-4303 A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version CVE project by @Sn0wAlice Create: 2023-01-05 19:32:18 +0000 UTC Push: 2023-01-05 19:32:22 +0000 UTC |

Live-Hack-CVE/CVE-2018-25064 A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recomm CVE project by @Sn0wAlice Create: 2023-01-05 19:32:14 +0000 UTC Push: 2023-01-05 19:32:17 +0000 UTC |

Live-Hack-CVE/CVE-2016-15010 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The at CVE project by @Sn0wAlice Create: 2023-01-05 19:32:09 +0000 UTC Push: 2023-01-05 19:32:13 +0000 UTC |

Live-Hack-CVE/CVE-2016-15009 A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83ee CVE project by @Sn0wAlice Create: 2023-01-05 19:32:05 +0000 UTC Push: 2023-01-05 19:32:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-0077 Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:00 +0000 UTC Push: 2023-01-05 19:32:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-4877 A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this is CVE project by @Sn0wAlice Create: 2023-01-05 19:31:56 +0000 UTC Push: 2023-01-05 19:31:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-43932 Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-05 19:31:52 +0000 UTC Push: 2023-01-05 19:31:55 +0000 UTC |

Live-Hack-CVE/CVE-2021-4304 A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb CVE project by @Sn0wAlice Create: 2023-01-05 19:31:47 +0000 UTC Push: 2023-01-05 19:31:50 +0000 UTC |

Live-Hack-CVE/CVE-2020-36640 A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgra CVE project by @Sn0wAlice Create: 2023-01-05 19:31:43 +0000 UTC Push: 2023-01-05 19:31:46 +0000 UTC |

Live-Hack-CVE/CVE-2018-25065 A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc CVE project by @Sn0wAlice Create: 2023-01-05 19:31:39 +0000 UTC Push: 2023-01-05 19:31:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-10013 A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1. CVE project by @Sn0wAlice Create: 2023-01-05 19:31:34 +0000 UTC Push: 2023-01-05 19:31:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-45434 Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the des CVE project by @Sn0wAlice Create: 2023-01-05 15:12:58 +0000 UTC Push: 2023-01-05 15:13:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-45425 Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 15:12:53 +0000 UTC Push: 2023-01-05 15:12:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-45430 Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. CVE project by @Sn0wAlice Create: 2023-01-05 15:12:49 +0000 UTC Push: 2023-01-05 15:12:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-45432 Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. CVE project by @Sn0wAlice Create: 2023-01-05 15:12:45 +0000 UTC Push: 2023-01-05 15:12:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-45431 Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. CVE project by @Sn0wAlice Create: 2023-01-05 15:12:41 +0000 UTC Push: 2023-01-05 15:12:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-45427 Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. CVE project by @Sn0wAlice Create: 2023-01-05 15:12:37 +0000 UTC Push: 2023-01-05 15:12:39 +0000 UTC |