Live-Hack-CVE/CVE-2023-21687 HTTP.sys Information Disclosure Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:46 +0000 UTC Push: 2023-02-15 05:54:48 +0000 UTC |

Live-Hack-CVE/CVE-2023-21686 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:43 +0000 UTC Push: 2023-02-15 05:54:45 +0000 UTC |

Live-Hack-CVE/CVE-2023-21685 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:39 +0000 UTC Push: 2023-02-15 05:54:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-21684 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:36 +0000 UTC Push: 2023-02-15 05:54:38 +0000 UTC |

Live-Hack-CVE/CVE-2023-21573 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:33 +0000 UTC Push: 2023-02-15 05:54:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-21572 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:29 +0000 UTC Push: 2023-02-15 05:54:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-21571 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:25 +0000 UTC Push: 2023-02-15 05:54:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-21570 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:22 +0000 UTC Push: 2023-02-15 05:54:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-21568 Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:18 +0000 UTC Push: 2023-02-15 05:54:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-21564 Azure DevOps Server Cross-Site Scripting Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:15 +0000 UTC Push: 2023-02-15 05:54:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-21529 Microsoft Exchange Server Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:11 +0000 UTC Push: 2023-02-15 05:54:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-21528 Microsoft SQL Server Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 05:54:08 +0000 UTC Push: 2023-02-15 05:54:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after CVE project by @Sn0wAlice Create: 2023-02-15 05:54:04 +0000 UTC Push: 2023-02-15 05:54:06 +0000 UTC |

ticofookfook/CVE-2023-25136 Create: 2023-02-15 04:13:16 +0000 UTC Push: 2023-02-15 04:13:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-22942 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collectio CVE project by @Sn0wAlice Create: 2023-02-15 03:40:15 +0000 UTC Push: 2023-02-15 03:40:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-22941 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd). CVE project by @Sn0wAlice Create: 2023-02-15 03:40:12 +0000 UTC Push: 2023-02-15 03:40:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-22940 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to CVE project by @Sn0wAlice Create: 2023-02-15 03:40:08 +0000 UTC Push: 2023-02-15 03:40:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-22939 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a reques CVE project by @Sn0wAlice Create: 2023-02-15 03:40:04 +0000 UTC Push: 2023-02-15 03:40:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-22938 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. CVE project by @Sn0wAlice Create: 2023-02-15 03:40:00 +0000 UTC Push: 2023-02-15 03:40:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-22937 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. For more information on lookup table fil CVE project by @Sn0wAlice Create: 2023-02-15 03:39:57 +0000 UTC Push: 2023-02-15 03:39:59 +0000 UTC |