Live-Hack-CVE/CVE-2018-25066 A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgr CVE project by @Sn0wAlice Create: 2023-01-06 21:51:48 +0000 UTC Push: 2023-01-06 21:51:51 +0000 UTC |

Live-Hack-CVE/CVE-2015-10017 A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The CVE project by @Sn0wAlice Create: 2023-01-06 21:51:44 +0000 UTC Push: 2023-01-06 21:51:47 +0000 UTC |

Live-Hack-CVE/CVE-2014-125047 A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vu CVE project by @Sn0wAlice Create: 2023-01-06 21:51:40 +0000 UTC Push: 2023-01-06 21:51:43 +0000 UTC |

kriso4os/CVE-2018-25031 Create: 2023-01-06 19:58:15 +0000 UTC Push: 2023-01-06 19:58:16 +0000 UTC |

Live-Hack-CVE/CVE-2019-25090 A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is CVE project by @Sn0wAlice Create: 2023-01-06 19:41:11 +0000 UTC Push: 2023-01-06 19:41:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-36634 A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the CVE project by @Sn0wAlice Create: 2023-01-06 19:41:07 +0000 UTC Push: 2023-01-06 19:41:09 +0000 UTC |

Live-Hack-CVE/CVE-2020-36633 A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issu CVE project by @Sn0wAlice Create: 2023-01-06 19:41:03 +0000 UTC Push: 2023-01-06 19:41:05 +0000 UTC |

Live-Hack-CVE/CVE-2021-4289 A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manip CVE project by @Sn0wAlice Create: 2023-01-06 19:40:59 +0000 UTC Push: 2023-01-06 19:41:02 +0000 UTC |

Live-Hack-CVE/CVE-2021-4288 A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to versi CVE project by @Sn0wAlice Create: 2023-01-06 19:40:55 +0000 UTC Push: 2023-01-06 19:40:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4766 A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address thi CVE project by @Sn0wAlice Create: 2023-01-06 19:40:51 +0000 UTC Push: 2023-01-06 19:40:53 +0000 UTC |

Live-Hack-CVE/CVE-2023-22671 Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:46 +0000 UTC Push: 2023-01-06 19:40:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-4878 A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b425 CVE project by @Sn0wAlice Create: 2023-01-06 19:40:41 +0000 UTC Push: 2023-01-06 19:40:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-45935 Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:36 +0000 UTC Push: 2023-01-06 19:40:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-45787 Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:33 +0000 UTC Push: 2023-01-06 19:40:35 +0000 UTC |

Live-Hack-CVE/CVE-2016-15011 A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1. CVE project by @Sn0wAlice Create: 2023-01-06 19:40:28 +0000 UTC Push: 2023-01-06 19:40:31 +0000 UTC |

Live-Hack-CVE/CVE-2015-10016 A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is CVE project by @Sn0wAlice Create: 2023-01-06 19:40:24 +0000 UTC Push: 2023-01-06 19:40:27 +0000 UTC |

Live-Hack-CVE/CVE-2014-125046 A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue CVE project by @Sn0wAlice Create: 2023-01-06 19:40:19 +0000 UTC Push: 2023-01-06 19:40:23 +0000 UTC |

Live-Hack-CVE/CVE-2020-36564 Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:26 +0000 UTC Push: 2023-01-06 14:14:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-36561 Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:22 +0000 UTC Push: 2023-01-06 14:14:24 +0000 UTC |

Live-Hack-CVE/CVE-2021-4235 Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:17 +0000 UTC Push: 2023-01-06 14:14:21 +0000 UTC |