Live-Hack-CVE/CVE-2022-46360 Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:37 +0000 UTC Push: 2023-01-03 14:38:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-46309 Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:33 +0000 UTC Push: 2023-01-03 14:38:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-46306 ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file pa CVE project by @Sn0wAlice Create: 2023-01-03 14:38:28 +0000 UTC Push: 2023-01-03 14:38:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-46305 ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:24 +0000 UTC Push: 2023-01-03 14:38:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-46304 ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perfor CVE project by @Sn0wAlice Create: 2023-01-03 14:38:20 +0000 UTC Push: 2023-01-03 14:38:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-43448 Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:16 +0000 UTC Push: 2023-01-03 14:38:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-43438 The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:12 +0000 UTC Push: 2023-01-03 14:38:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-43437 The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:08 +0000 UTC Push: 2023-01-03 14:38:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-43436 The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:04 +0000 UTC Push: 2023-01-03 14:38:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-41645 Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:00 +0000 UTC Push: 2023-01-03 14:38:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-40740 Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:56 +0000 UTC Push: 2023-01-03 14:37:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-39042 aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:51 +0000 UTC Push: 2023-01-03 14:37:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-39041 aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:47 +0000 UTC Push: 2023-01-03 14:37:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-39040 aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:43 +0000 UTC Push: 2023-01-03 14:37:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-39039 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:39 +0000 UTC Push: 2023-01-03 14:37:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-43931 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:34 +0000 UTC Push: 2023-01-03 14:37:37 +0000 UTC |

Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 Create: 2023-01-03 12:51:12 +0000 UTC Push: 2023-01-03 12:51:12 +0000 UTC |

wh-gov/CVE-2022-46366 CVE-2022-46366 Create: 2023-01-03 12:04:29 +0000 UTC Push: 2023-01-03 12:04:30 +0000 UTC |

Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 Create: 2023-01-03 11:43:46 +0000 UTC Push: 2023-01-03 11:43:46 +0000 UTC |

LalieA/CVE-2021-46398 A Proof of Concept for the CVE-2021-46398 flaw exploitation Create: 2023-01-03 09:49:22 +0000 UTC Push: 2023-09-10 23:04:29 +0000 UTC |