unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0013
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause lim
CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:18 +0000 UTC Push: 2023-01-10 14:37:21 +0000 UTC

Live-Hack-CVE/CVE-2022-32657
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:10 +0000 UTC Push: 2023-01-10 14:37:12 +0000 UTC

Live-Hack-CVE/CVE-2022-32658
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:05 +0000 UTC Push: 2023-01-10 14:37:09 +0000 UTC

Live-Hack-CVE/CVE-2022-32659
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:01 +0000 UTC Push: 2023-01-10 14:37:04 +0000 UTC

Live-Hack-CVE/CVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:57 +0000 UTC Push: 2023-01-10 14:36:59 +0000 UTC

Live-Hack-CVE/CVE-2023-0014
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:52 +0000 UTC Push: 2023-01-10 14:36:55 +0000 UTC

Live-Hack-CVE/CVE-2023-22320
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:48 +0000 UTC Push: 2023-01-10 14:36:51 +0000 UTC

Live-Hack-CVE/CVE-2023-0023
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on, disclosing sensitive data of the application.
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:43 +0000 UTC Push: 2023-01-10 14:36:46 +0000 UTC

Live-Hack-CVE/CVE-2023-0022
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on t
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:39 +0000 UTC Push: 2023-01-10 14:36:42 +0000 UTC

Live-Hack-CVE/CVE-2023-0018
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens thos
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:34 +0000 UTC Push: 2023-01-10 14:36:38 +0000 UTC

Live-Hack-CVE/CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could all
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:30 +0000 UTC Push: 2023-01-10 14:36:33 +0000 UTC

Live-Hack-CVE/CVE-2023-0015
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return JSON with the wrong content type in the header of the response. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exp
CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:26 +0000 UTC Push: 2023-01-10 14:36:29 +0000 UTC

Live-Hack-CVE/CVE-2022-4391
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:46 +0000 UTC Push: 2023-01-10 10:09:48 +0000 UTC

Live-Hack-CVE/CVE-2022-4301
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:42 +0000 UTC Push: 2023-01-10 10:09:45 +0000 UTC

Live-Hack-CVE/CVE-2022-4103
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscribers, to create a post (as well as any post type) with an arbitrary title
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:39 +0000 UTC Push: 2023-01-10 10:09:41 +0000 UTC

Live-Hack-CVE/CVE-2022-4196
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:35 +0000 UTC Push: 2023-01-10 10:09:37 +0000 UTC

Live-Hack-CVE/CVE-2022-4102
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:30 +0000 UTC Push: 2023-01-10 10:09:33 +0000 UTC

Live-Hack-CVE/CVE-2022-3417
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:26 +0000 UTC Push: 2023-01-10 10:09:29 +0000 UTC

Live-Hack-CVE/CVE-2022-3343
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:21 +0000 UTC Push: 2023-01-10 10:09:25 +0000 UTC

Live-Hack-CVE/CVE-2022-3923
The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscribers, to call it and remove error logs.
CVE project by @Sn0wAlice
Create: 2023-01-10 10:09:17 +0000 UTC Push: 2023-01-10 10:09:20 +0000 UTC