Live-Hack-CVE/CVE-2023-24646 An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:33 +0000 UTC Push: 2023-02-14 07:41:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24086 SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:29 +0000 UTC Push: 2023-02-14 07:41:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-4905 A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Up CVE project by @Sn0wAlice Create: 2023-02-14 07:41:26 +0000 UTC Push: 2023-02-14 07:41:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-24084 ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:22 +0000 UTC Push: 2023-02-14 07:41:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-45962 Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:19 +0000 UTC Push: 2023-02-14 07:41:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-0355 Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:15 +0000 UTC Push: 2023-02-14 07:41:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-0819 Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:10 +0000 UTC Push: 2023-02-14 07:41:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-0818 Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:06 +0000 UTC Push: 2023-02-14 07:41:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0817 Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:03 +0000 UTC Push: 2023-02-14 07:41:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-47034 A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. CVE project by @Sn0wAlice Create: 2023-02-14 07:40:59 +0000 UTC Push: 2023-02-14 07:41:02 +0000 UTC |

Live-Hack-CVE/CVE-2015-10079 A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this CVE project by @Sn0wAlice Create: 2023-02-14 07:40:56 +0000 UTC Push: 2023-02-14 07:40:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-25719 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queri CVE project by @Sn0wAlice Create: 2023-02-14 05:27:31 +0000 UTC Push: 2023-02-14 05:27:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-25718 The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provi CVE project by @Sn0wAlice Create: 2023-02-14 05:27:28 +0000 UTC Push: 2023-02-14 05:27:30 +0000 UTC |

Live-Hack-CVE/CVE-2023-25717 Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. CVE project by @Sn0wAlice Create: 2023-02-14 05:27:24 +0000 UTC Push: 2023-02-14 05:27:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-24188 ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability. CVE project by @Sn0wAlice Create: 2023-02-14 05:27:20 +0000 UTC Push: 2023-02-14 05:27:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. CVE project by @Sn0wAlice Create: 2023-02-14 05:27:16 +0000 UTC Push: 2023-02-14 05:27:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-45285 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice Create: 2023-02-14 05:27:12 +0000 UTC Push: 2023-02-14 05:27:15 +0000 UTC |

Live-Hack-CVE/CVE-2023-24619 Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10 CVE project by @Sn0wAlice Create: 2023-02-14 05:27:09 +0000 UTC Push: 2023-02-14 05:27:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-25159 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, CVE project by @Sn0wAlice Create: 2023-02-14 03:17:24 +0000 UTC Push: 2023-02-14 03:17:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-24804 The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary f CVE project by @Sn0wAlice Create: 2023-02-14 03:17:19 +0000 UTC Push: 2023-02-14 03:17:22 +0000 UTC |