unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-24377
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:50 +0000 UTC Push: 2023-02-14 22:09:53 +0000 UTC
Live-Hack-CVE/CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:46 +0000 UTC Push: 2023-02-14 22:09:49 +0000 UTC
Live-Hack-CVE/CVE-2023-25066
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:15 +0000 UTC Push: 2023-02-14 19:56:18 +0000 UTC
Live-Hack-CVE/CVE-2022-43469
Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:11 +0000 UTC Push: 2023-02-14 19:56:13 +0000 UTC
Live-Hack-CVE/CVE-2012-3287
Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:07 +0000 UTC Push: 2023-02-14 19:56:10 +0000 UTC
Live-Hack-CVE/CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the ven CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:03 +0000 UTC Push: 2023-02-14 19:56:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22375
** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vuln CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:50 +0000 UTC Push: 2023-02-14 14:27:53 +0000 UTC
Live-Hack-CVE/CVE-2023-22370
** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:47 +0000 UTC Push: 2023-02-14 14:27:49 +0000 UTC
Live-Hack-CVE/CVE-2023-0655
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:43 +0000 UTC Push: 2023-02-14 14:27:46 +0000 UTC
Live-Hack-CVE/CVE-2023-25614
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which le CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:40 +0000 UTC Push: 2023-02-14 14:27:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24530
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impa CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:37 +0000 UTC Push: 2023-02-14 14:27:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24529
Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:33 +0000 UTC Push: 2023-02-14 14:27:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24528
SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel doc CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:30 +0000 UTC Push: 2023-02-14 14:27:32 +0000 UTC
Live-Hack-CVE/CVE-2023-24525
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:26 +0000 UTC Push: 2023-02-14 14:27:28 +0000 UTC
Live-Hack-CVE/CVE-2023-24524
SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:22 +0000 UTC Push: 2023-02-14 14:27:25 +0000 UTC
Live-Hack-CVE/CVE-2023-24523
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:19 +0000 UTC Push: 2023-02-14 14:27:21 +0000 UTC
Live-Hack-CVE/CVE-2023-24522
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:15 +0000 UTC Push: 2023-02-14 14:27:18 +0000 UTC
Live-Hack-CVE/CVE-2023-24521
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:12 +0000 UTC Push: 2023-02-14 14:27:14 +0000 UTC
Live-Hack-CVE/CVE-2023-23860
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:08 +0000 UTC Push: 2023-02-14 14:27:10 +0000 UTC
Live-Hack-CVE/CVE-2023-23859
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:04 +0000 UTC Push: 2023-02-14 14:27:07 +0000 UTC