unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-0149
The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:49 +0000 UTC Push: 2023-02-07 05:51:51 +0000 UTC |
Live-Hack-CVE/CVE-2023-0148
The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:46 +0000 UTC Push: 2023-02-07 05:51:48 +0000 UTC |
Live-Hack-CVE/CVE-2023-0072
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:42 +0000 UTC Push: 2023-02-07 05:51:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-4657
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:38 +0000 UTC Push: 2023-02-07 05:51:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-4626
The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:35 +0000 UTC Push: 2023-02-07 05:51:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-32663
In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:31 +0000 UTC Push: 2023-02-07 05:51:33 +0000 UTC |
Live-Hack-CVE/CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticate CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:26 +0000 UTC Push: 2023-02-07 05:51:28 +0000 UTC |
electr0sm0g/CVE-2022-4510
Binwalk Remote Command Execution
Create: 2023-02-07 04:53:49 +0000 UTC Push: 2023-02-07 04:53:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-42492
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's D CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:57 +0000 UTC Push: 2023-02-07 03:42:59 +0000 UTC |
Live-Hack-CVE/CVE-2022-42490
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's D CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:54 +0000 UTC Push: 2023-02-07 03:42:56 +0000 UTC |
Live-Hack-CVE/CVE-2022-41991
A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:50 +0000 UTC Push: 2023-02-07 03:42:52 +0000 UTC |
Live-Hack-CVE/CVE-2023-23614
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the h CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:46 +0000 UTC Push: 2023-02-07 03:42:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-41019
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:42 +0000 UTC Push: 2023-02-07 03:42:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-42491
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:39 +0000 UTC Push: 2023-02-07 03:42:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-41154
A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary file deletion. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:35 +0000 UTC Push: 2023-02-07 03:42:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-41030
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:32 +0000 UTC Push: 2023-02-07 03:42:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:21 +0000 UTC Push: 2023-02-07 03:42:24 +0000 UTC |
Live-Hack-CVE/CVE-2023-0356
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:18 +0000 UTC Push: 2023-02-07 03:42:20 +0000 UTC |
Live-Hack-CVE/CVE-2023-22240
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:14 +0000 UTC Push: 2023-02-07 03:42:16 +0000 UTC |
Live-Hack-CVE/CVE-2023-22241
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:10 +0000 UTC Push: 2023-02-07 03:42:12 +0000 UTC |
Previous
406
407
408
409
410
411
412
413
Next