Live-Hack-CVE/CVE-2023-24153 A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:22 +0000 UTC Push: 2023-02-11 00:30:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-24139 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:17 +0000 UTC Push: 2023-02-11 00:30:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-24140 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:13 +0000 UTC Push: 2023-02-11 00:30:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-24141 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:08 +0000 UTC Push: 2023-02-11 00:30:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-24142 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:04 +0000 UTC Push: 2023-02-11 00:30:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24144 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:00 +0000 UTC Push: 2023-02-11 00:30:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-24143 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. CVE project by @Sn0wAlice Create: 2023-02-11 00:29:56 +0000 UTC Push: 2023-02-11 00:29:58 +0000 UTC |

dhina016/CVE-2022-47986 Create: 2023-02-10 21:16:42 +0000 UTC Push: 2023-02-10 21:17:09 +0000 UTC |

0xf4n9x/CVE-2023-0669 CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. Create: 2023-02-10 21:02:55 +0000 UTC Push: 2023-02-11 15:18:39 +0000 UTC |

PyterSmithDarkGhost/CVE-2023-24055-PoC-KeePass-2.5x- Create: 2023-02-10 20:04:29 +0000 UTC Push: 2023-02-10 20:04:29 +0000 UTC |

DickDock/CVE-2022-46166 CVE-2022-46166 靶场环境 Create: 2023-02-10 16:29:24 +0000 UTC Push: 2023-02-10 16:29:30 +0000 UTC |

houquanen/POC_CVE-2018-19518 Create: 2023-02-10 15:47:54 +0000 UTC Push: 2023-02-10 15:47:55 +0000 UTC |

UNICORDev/exploit-CVE-2022-25765 Exploit for CVE-2022–25765 (pdfkit) - Command Injection Create: 2023-02-10 08:50:35 +0000 UTC Push: 2023-02-24 10:29:15 +0000 UTC |

Live-Hack-CVE/CVE-2023-24689 An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx CVE project by @Sn0wAlice Create: 2023-02-10 05:53:40 +0000 UTC Push: 2023-02-10 05:53:43 +0000 UTC |

Live-Hack-CVE/CVE-2023-24688 An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:36 +0000 UTC Push: 2023-02-10 05:53:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-24687 Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:32 +0000 UTC Push: 2023-02-10 05:53:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24323 Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:28 +0000 UTC Push: 2023-02-10 05:53:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-24322 A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:25 +0000 UTC Push: 2023-02-10 05:53:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23912 A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote CVE project by @Sn0wAlice Create: 2023-02-10 05:53:22 +0000 UTC Push: 2023-02-10 05:53:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-22799 A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. CVE project by @Sn0wAlice Create: 2023-02-10 05:53:18 +0000 UTC Push: 2023-02-10 05:53:20 +0000 UTC |