Live-Hack-CVE/CVE-2016-1013 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1 CVE project by @Sn0wAlice Create: 2023-01-26 23:54:24 +0000 UTC Push: 2023-01-26 23:54:27 +0000 UTC |

DRAGOWN/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as "</script>" that will overwrite configurations in the file "login.xml" and cause the login page to crash. Create: 2023-01-26 12:13:51 +0000 UTC Push: 2025-01-09 12:32:43 +0000 UTC |

DRAGOWN/CVE-2023-24709-PoC In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as "</script>" that will overwrite configurations in the file "login.xml" and cause the login page to crash. Create: 2023-01-26 12:13:51 +0000 UTC Push: 2025-01-09 12:38:02 +0000 UTC |

SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as "</script>" that will overwrite configurations in the file "login.xml" and cause the login page to crash. Create: 2023-01-26 12:13:51 +0000 UTC Push: 2023-04-09 12:22:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-47950 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3ap CVE project by @Sn0wAlice Create: 2023-01-26 07:22:22 +0000 UTC Push: 2023-01-26 07:22:24 +0000 UTC |

Live-Hack-CVE/CVE-2016-4227 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:22:13 +0000 UTC Push: 2023-01-26 07:22:15 +0000 UTC |

Live-Hack-CVE/CVE-2016-4228 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:22:09 +0000 UTC Push: 2023-01-26 07:22:12 +0000 UTC |

Live-Hack-CVE/CVE-2016-4229 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:22:06 +0000 UTC Push: 2023-01-26 07:22:08 +0000 UTC |

Live-Hack-CVE/CVE-2016-4230 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:22:02 +0000 UTC Push: 2023-01-26 07:22:04 +0000 UTC |

Live-Hack-CVE/CVE-2016-4248 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:58 +0000 UTC Push: 2023-01-26 07:22:01 +0000 UTC |

Live-Hack-CVE/CVE-2016-4231 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:54 +0000 UTC Push: 2023-01-26 07:21:57 +0000 UTC |

Live-Hack-CVE/CVE-2016-4222 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:51 +0000 UTC Push: 2023-01-26 07:21:53 +0000 UTC |

Live-Hack-CVE/CVE-2016-7020 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:47 +0000 UTC Push: 2023-01-26 07:21:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-45557 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:36 +0000 UTC Push: 2023-01-26 06:16:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-45542 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:32 +0000 UTC Push: 2023-01-26 06:16:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-45558 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:28 +0000 UTC Push: 2023-01-26 06:16:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-43455 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on CVE project by @Sn0wAlice Create: 2023-01-26 06:16:21 +0000 UTC Push: 2023-01-26 06:16:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-3782 keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly c CVE project by @Sn0wAlice Create: 2023-01-26 06:16:05 +0000 UTC Push: 2023-01-26 06:16:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an a CVE project by @Sn0wAlice Create: 2023-01-26 06:16:01 +0000 UTC Push: 2023-01-26 06:16:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-4295 The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-01-26 04:05:30 +0000 UTC Push: 2023-01-26 04:05:33 +0000 UTC |