unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3 CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:16 +0000 UTC Push: 2023-02-14 03:17:18 +0000 UTC |
Live-Hack-CVE/CVE-2023-0810
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:12 +0000 UTC Push: 2023-02-14 03:17:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-48077
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:08 +0000 UTC Push: 2023-02-14 03:17:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-41134
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:04 +0000 UTC Push: 2023-02-14 03:17:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-3089
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) serv CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:00 +0000 UTC Push: 2023-02-14 03:17:03 +0000 UTC |
Live-Hack-CVE/CVE-2021-37375
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be recei CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:53 +0000 UTC Push: 2023-02-14 03:16:56 +0000 UTC |
Live-Hack-CVE/CVE-2021-37379
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:48 +0000 UTC Push: 2023-02-14 03:16:50 +0000 UTC |
Live-Hack-CVE/CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:43 +0000 UTC Push: 2023-02-14 03:16:46 +0000 UTC |
Live-Hack-CVE/CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:40 +0000 UTC Push: 2023-02-14 03:16:42 +0000 UTC |
Live-Hack-CVE/CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:36 +0000 UTC Push: 2023-02-14 03:16:38 +0000 UTC |
Live-Hack-CVE/CVE-2021-37376
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not b CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:32 +0000 UTC Push: 2023-02-14 03:16:34 +0000 UTC |
Live-Hack-CVE/CVE-2021-37377
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmw CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:28 +0000 UTC Push: 2023-02-14 03:16:30 +0000 UTC |
Live-Hack-CVE/CVE-2021-37378
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiv CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:24 +0000 UTC Push: 2023-02-14 03:16:26 +0000 UTC |
Live-Hack-CVE/CVE-2015-6048
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:20 +0000 UTC Push: 2023-02-14 03:16:23 +0000 UTC |
Live-Hack-CVE/CVE-2015-6051
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:16 +0000 UTC Push: 2023-02-14 03:16:19 +0000 UTC |
Turzum/CVE-2021-4034
Resources required for Pluralsight lab CVE-2021-4034
Create: 2023-02-14 02:27:30 +0000 UTC Push: 2023-02-14 02:27:31 +0000 UTC |
Turzum/ps-lab-cve-2021-4034
Resources required for Pluralsight lab CVE-2021-4034
Create: 2023-02-14 02:22:07 +0000 UTC Push: 2023-02-14 02:22:08 +0000 UTC |
Live-Hack-CVE/CVE-2023-0034
The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-14 02:07:59 +0000 UTC Push: 2023-02-14 02:08:02 +0000 UTC |
Live-Hack-CVE/CVE-2022-4830
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as CVE project by @Sn0wAlice
Create: 2023-02-14 02:07:55 +0000 UTC Push: 2023-02-14 02:07:58 +0000 UTC |
Live-Hack-CVE/CVE-2022-4783
The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-14 02:07:52 +0000 UTC Push: 2023-02-14 02:07:54 +0000 UTC |
Previous
377
378
379
380
381
382
383
384
Next