Live-Hack-CVE/CVE-2023-0281 A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has CVE project by @Sn0wAlice Create: 2023-01-13 19:40:55 +0000 UTC Push: 2023-01-13 19:40:58 +0000 UTC |

hfh86/CVE-2022-3317 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) Create: 2023-01-13 16:06:54 +0000 UTC Push: 2023-01-13 16:06:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-46502 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:59 +0000 UTC Push: 2023-01-13 14:15:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-42285 DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:55 +0000 UTC Push: 2023-01-13 14:14:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-42284 NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:51 +0000 UTC Push: 2023-01-13 14:14:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-42283 NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:48 +0000 UTC Push: 2023-01-13 14:14:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-42282 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:44 +0000 UTC Push: 2023-01-13 14:14:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-42281 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:40 +0000 UTC Push: 2023-01-13 14:14:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-42280 NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:36 +0000 UTC Push: 2023-01-13 14:14:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-42279 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:32 +0000 UTC Push: 2023-01-13 14:14:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-42278 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:28 +0000 UTC Push: 2023-01-13 14:14:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-42277 NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:24 +0000 UTC Push: 2023-01-13 14:14:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-42276 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:20 +0000 UTC Push: 2023-01-13 14:14:23 +0000 UTC |

Live-Hack-CVE/CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:16 +0000 UTC Push: 2023-01-13 14:14:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-48258 In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:12 +0000 UTC Push: 2023-01-13 14:14:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48257 In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:08 +0000 UTC Push: 2023-01-13 14:14:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-48256 Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:04 +0000 UTC Push: 2023-01-13 14:14:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-46478 The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:00 +0000 UTC Push: 2023-01-13 14:14:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-46471 Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:57 +0000 UTC Push: 2023-01-13 14:13:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-42275 NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:53 +0000 UTC Push: 2023-01-13 14:13:56 +0000 UTC |