unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:00 +0000 UTC Push: 2023-01-04 03:44:03 +0000 UTC
Live-Hack-CVE/CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information a CVE project by @Sn0wAlice
Create: 2023-01-04 03:43:51 +0000 UTC Push: 2023-01-04 03:43:54 +0000 UTC
ajith737/Spring4Shell-CVE-2022-22965-POC
User friendly Spring4Shell POC
Create: 2023-01-04 02:15:07 +0000 UTC Push: 2023-01-04 02:15:11 +0000 UTC
Live-Hack-CVE/CVE-2022-28388
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:22 +0000 UTC Push: 2023-01-04 01:31:26 +0000 UTC
Live-Hack-CVE/CVE-2023-0039
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitr CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:12 +0000 UTC Push: 2023-01-04 01:31:16 +0000 UTC
Live-Hack-CVE/CVE-2022-38766
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:08 +0000 UTC Push: 2023-01-04 01:31:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0038
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts CVE project by @Sn0wAlice
Create: 2023-01-03 23:19:27 +0000 UTC Push: 2023-01-03 23:19:30 +0000 UTC
Live-Hack-CVE/CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that e CVE project by @Sn0wAlice
Create: 2023-01-03 23:19:23 +0000 UTC Push: 2023-01-03 23:19:26 +0000 UTC
Live-Hack-CVE/CVE-2013-10007
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:17 +0000 UTC Push: 2023-01-03 22:14:19 +0000 UTC
Live-Hack-CVE/CVE-2022-4871
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the pa CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:11 +0000 UTC Push: 2023-01-03 22:14:14 +0000 UTC
Live-Hack-CVE/CVE-2012-10003
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a9 CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:07 +0000 UTC Push: 2023-01-03 22:14:10 +0000 UTC
Live-Hack-CVE/CVE-2015-10012
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information expo CVE project by @Sn0wAlice
Create: 2023-01-03 20:03:58 +0000 UTC Push: 2023-01-03 20:04:01 +0000 UTC
Live-Hack-CVE/CVE-2012-10002
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0 CVE project by @Sn0wAlice
Create: 2023-01-03 20:03:53 +0000 UTC Push: 2023-01-03 20:03:56 +0000 UTC
Live-Hack-CVE/CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:55 +0000 UTC Push: 2023-01-03 14:38:57 +0000 UTC
Live-Hack-CVE/CVE-2022-47908
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:49 +0000 UTC Push: 2023-01-03 14:38:52 +0000 UTC
Live-Hack-CVE/CVE-2022-47618
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:45 +0000 UTC Push: 2023-01-03 14:38:48 +0000 UTC
Live-Hack-CVE/CVE-2022-47317
Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:41 +0000 UTC Push: 2023-01-03 14:38:44 +0000 UTC
Live-Hack-CVE/CVE-2022-46360
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:37 +0000 UTC Push: 2023-01-03 14:38:40 +0000 UTC
Live-Hack-CVE/CVE-2022-46309
Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:33 +0000 UTC Push: 2023-01-03 14:38:36 +0000 UTC
Live-Hack-CVE/CVE-2022-46306
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file pa CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:28 +0000 UTC Push: 2023-01-03 14:38:32 +0000 UTC