unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-15429
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a us CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:28 +0000 UTC Push: 2023-01-25 03:50:30 +0000 UTC
Live-Hack-CVE/CVE-2020-15612
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the process does not properly va CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:24 +0000 UTC Push: 2023-01-25 03:50:27 +0000 UTC
Live-Hack-CVE/CVE-2019-15235
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an att CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:21 +0000 UTC Push: 2023-01-25 03:50:23 +0000 UTC
Live-Hack-CVE/CVE-2018-18322
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:17 +0000 UTC Push: 2023-01-25 03:50:20 +0000 UTC
Live-Hack-CVE/CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:13 +0000 UTC Push: 2023-01-25 03:50:15 +0000 UTC
Live-Hack-CVE/CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:09 +0000 UTC Push: 2023-01-25 03:50:12 +0000 UTC
Live-Hack-CVE/CVE-2019-7646
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:05 +0000 UTC Push: 2023-01-25 03:50:08 +0000 UTC
Live-Hack-CVE/CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:02 +0000 UTC Push: 2023-01-25 03:50:04 +0000 UTC
Live-Hack-CVE/CVE-2021-31324
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-01-25 03:49:58 +0000 UTC Push: 2023-01-25 03:50:00 +0000 UTC
Live-Hack-CVE/CVE-2021-31316
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:49:55 +0000 UTC Push: 2023-01-25 03:49:57 +0000 UTC
Live-Hack-CVE/CVE-2023-22398
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of t CVE project by @Sn0wAlice
Create: 2023-01-25 03:49:48 +0000 UTC Push: 2023-01-25 03:49:50 +0000 UTC
deetl/CVE-2023-24055
POC and Scanner for CVE-2023-24055
Create: 2023-01-25 03:19:23 +0000 UTC Push: 2023-01-25 03:19:23 +0000 UTC
r3nt0n/CVE-2023-23488-PoC
Unauthenticated SQL Injection - Paid Memberships Pro < 2.9.8 (WordPress Plugin)
Create: 2023-01-25 02:26:10 +0000 UTC Push: 2023-01-25 02:26:10 +0000 UTC
Live-Hack-CVE/CVE-2022-0808
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:35 +0000 UTC Push: 2023-01-25 01:40:38 +0000 UTC
Live-Hack-CVE/CVE-2021-39027
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:29 +0000 UTC Push: 2023-01-25 01:40:32 +0000 UTC
Live-Hack-CVE/CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:25 +0000 UTC Push: 2023-01-25 01:40:27 +0000 UTC
Live-Hack-CVE/CVE-2014-3394
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:21 +0000 UTC Push: 2023-01-25 01:40:23 +0000 UTC
Live-Hack-CVE/CVE-2016-6664
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logg CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:16 +0000 UTC Push: 2023-01-25 01:40:19 +0000 UTC
Live-Hack-CVE/CVE-2018-0315
A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:11 +0000 UTC Push: 2023-01-25 01:40:14 +0000 UTC
Live-Hack-CVE/CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a sym CVE project by @Sn0wAlice
Create: 2023-01-25 01:40:08 +0000 UTC Push: 2023-01-25 01:40:10 +0000 UTC