unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-25152
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:32 +0000 UTC Push: 2023-02-09 23:15:34 +0000 UTC |
Live-Hack-CVE/CVE-2023-23475
IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:28 +0000 UTC Push: 2023-02-09 23:15:31 +0000 UTC |
Live-Hack-CVE/CVE-2023-0690
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being store CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:25 +0000 UTC Push: 2023-02-09 23:15:27 +0000 UTC |
Live-Hack-CVE/CVE-2022-45755
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:20 +0000 UTC Push: 2023-02-09 23:15:23 +0000 UTC |
Live-Hack-CVE/CVE-2022-45527
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:16 +0000 UTC Push: 2023-02-09 23:15:19 +0000 UTC |
Live-Hack-CVE/CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:13 +0000 UTC Push: 2023-02-09 23:15:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-45526
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:09 +0000 UTC Push: 2023-02-09 23:15:11 +0000 UTC |
Live-Hack-CVE/CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:05 +0000 UTC Push: 2023-02-09 23:15:08 +0000 UTC |
Live-Hack-CVE/CVE-2022-35720
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. CVE project by @Sn0wAlice
Create: 2023-02-09 23:15:01 +0000 UTC Push: 2023-02-09 23:15:04 +0000 UTC |
Live-Hack-CVE/CVE-2023-0760
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. CVE project by @Sn0wAlice
Create: 2023-02-09 23:14:46 +0000 UTC Push: 2023-02-09 23:14:48 +0000 UTC |
Live-Hack-CVE/CVE-2023-0759
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. CVE project by @Sn0wAlice
Create: 2023-02-09 23:14:42 +0000 UTC Push: 2023-02-09 23:14:45 +0000 UTC |
Live-Hack-CVE/CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclo CVE project by @Sn0wAlice
Create: 2023-02-09 22:09:29 +0000 UTC Push: 2023-02-09 22:09:32 +0000 UTC |
Live-Hack-CVE/CVE-2022-43440
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable CVE project by @Sn0wAlice
Create: 2023-02-09 19:55:40 +0000 UTC Push: 2023-02-09 19:55:42 +0000 UTC |
Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864
Create: 2023-02-09 19:08:10 +0000 UTC Push: 2023-02-09 19:08:11 +0000 UTC |
ohnonoyesyes/CVE-2023-25194
Create: 2023-02-09 18:49:46 +0000 UTC Push: 2023-02-09 18:49:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to th CVE project by @Sn0wAlice
Create: 2023-02-09 14:32:58 +0000 UTC Push: 2023-02-09 14:33:01 +0000 UTC |
Live-Hack-CVE/CVE-2018-3982
An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index whi CVE project by @Sn0wAlice
Create: 2023-02-09 14:32:54 +0000 UTC Push: 2023-02-09 14:32:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-27904
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. CVE project by @Sn0wAlice
Create: 2023-02-09 14:32:51 +0000 UTC Push: 2023-02-09 14:32:53 +0000 UTC |
Live-Hack-CVE/CVE-2020-27068
Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel CVE project by @Sn0wAlice
Create: 2023-02-09 14:32:47 +0000 UTC Push: 2023-02-09 14:32:50 +0000 UTC |
Live-Hack-CVE/CVE-2019-13626
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. CVE project by @Sn0wAlice
Create: 2023-02-09 14:32:44 +0000 UTC Push: 2023-02-09 14:32:46 +0000 UTC |
Previous
393
394
395
396
397
398
399
400
Next