unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2017-18539
The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:54 +0000 UTC Push: 2023-02-09 09:58:56 +0000 UTC
Live-Hack-CVE/CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:50 +0000 UTC Push: 2023-02-09 09:58:53 +0000 UTC
Live-Hack-CVE/CVE-2023-0251
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:47 +0000 UTC Push: 2023-02-09 09:58:49 +0000 UTC
Live-Hack-CVE/CVE-2023-0250
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:43 +0000 UTC Push: 2023-02-09 09:58:46 +0000 UTC
Live-Hack-CVE/CVE-2023-0249
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:40 +0000 UTC Push: 2023-02-09 09:58:42 +0000 UTC
Live-Hack-CVE/CVE-2023-25168
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" alloca CVE project by @Sn0wAlice
Create: 2023-02-09 09:58:29 +0000 UTC Push: 2023-02-09 09:58:32 +0000 UTC
Live-Hack-CVE/CVE-2022-40692
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:40 +0000 UTC Push: 2023-02-09 07:47:43 +0000 UTC
Live-Hack-CVE/CVE-2022-44585
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:35 +0000 UTC Push: 2023-02-09 07:47:37 +0000 UTC
Live-Hack-CVE/CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a u CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:30 +0000 UTC Push: 2023-02-09 07:47:33 +0000 UTC
Live-Hack-CVE/CVE-2022-47648
Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:27 +0000 UTC Push: 2023-02-09 07:47:29 +0000 UTC
Live-Hack-CVE/CVE-2022-45982
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:24 +0000 UTC Push: 2023-02-09 07:47:26 +0000 UTC
Live-Hack-CVE/CVE-2022-38778
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:20 +0000 UTC Push: 2023-02-09 07:47:22 +0000 UTC
Live-Hack-CVE/CVE-2022-38777
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:16 +0000 UTC Push: 2023-02-09 07:47:19 +0000 UTC
Live-Hack-CVE/CVE-2023-24508
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validate CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:12 +0000 UTC Push: 2023-02-09 07:47:14 +0000 UTC
Live-Hack-CVE/CVE-2022-26872
AMI Megarac Password reset interception via API CVE project by @Sn0wAlice
Create: 2023-02-09 07:47:08 +0000 UTC Push: 2023-02-09 07:47:11 +0000 UTC
Live-Hack-CVE/CVE-2019-15112
The wp-slimstat plugin before 4.8.1 for WordPress has XSS. CVE project by @Sn0wAlice
Create: 2023-02-09 07:46:57 +0000 UTC Push: 2023-02-09 07:46:59 +0000 UTC
Live-Hack-CVE/CVE-2017-18540
The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice
Create: 2023-02-09 07:46:54 +0000 UTC Push: 2023-02-09 07:46:56 +0000 UTC
Live-Hack-CVE/CVE-2017-18538
The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice
Create: 2023-02-09 07:46:50 +0000 UTC Push: 2023-02-09 07:46:52 +0000 UTC
Live-Hack-CVE/CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulne CVE project by @Sn0wAlice
Create: 2023-02-09 05:33:35 +0000 UTC Push: 2023-02-09 05:33:38 +0000 UTC
Live-Hack-CVE/CVE-2022-34350
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS loo CVE project by @Sn0wAlice
Create: 2023-02-09 05:33:31 +0000 UTC Push: 2023-02-09 05:33:34 +0000 UTC