unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-24495
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:03 +0000 UTC Push: 2023-02-07 03:42:05 +0000 UTC |
Live-Hack-CVE/CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:59 +0000 UTC Push: 2023-02-07 03:42:02 +0000 UTC |
Live-Hack-CVE/CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:55 +0000 UTC Push: 2023-02-07 03:41:57 +0000 UTC |
Live-Hack-CVE/CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:50 +0000 UTC Push: 2023-02-07 03:41:52 +0000 UTC |
Live-Hack-CVE/CVE-2023-24276
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:37 +0000 UTC Push: 2023-02-07 01:31:39 +0000 UTC |
Live-Hack-CVE/CVE-2023-24202
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:33 +0000 UTC Push: 2023-02-07 01:31:36 +0000 UTC |
Live-Hack-CVE/CVE-2023-24201
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:29 +0000 UTC Push: 2023-02-07 01:31:32 +0000 UTC |
Live-Hack-CVE/CVE-2023-24200
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:26 +0000 UTC Push: 2023-02-07 01:31:28 +0000 UTC |
Live-Hack-CVE/CVE-2023-24199
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:22 +0000 UTC Push: 2023-02-07 01:31:24 +0000 UTC |
Live-Hack-CVE/CVE-2023-24198
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:18 +0000 UTC Push: 2023-02-07 01:31:21 +0000 UTC |
Live-Hack-CVE/CVE-2023-24197
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:15 +0000 UTC Push: 2023-02-07 01:31:17 +0000 UTC |
Live-Hack-CVE/CVE-2023-24195
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:11 +0000 UTC Push: 2023-02-07 01:31:13 +0000 UTC |
Live-Hack-CVE/CVE-2023-24194
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:08 +0000 UTC Push: 2023-02-07 01:31:10 +0000 UTC |
Live-Hack-CVE/CVE-2023-24192
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:04 +0000 UTC Push: 2023-02-07 01:31:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-24191
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:00 +0000 UTC Push: 2023-02-07 01:31:03 +0000 UTC |
Live-Hack-CVE/CVE-2022-48019
The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:57 +0000 UTC Push: 2023-02-07 01:30:59 +0000 UTC |
Live-Hack-CVE/CVE-2023-0451
All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usern CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:53 +0000 UTC Push: 2023-02-07 01:30:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-48078
pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:48 +0000 UTC Push: 2023-02-07 01:30:51 +0000 UTC |
Live-Hack-CVE/CVE-2022-47040
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:45 +0000 UTC Push: 2023-02-07 01:30:47 +0000 UTC |
Live-Hack-CVE/CVE-2022-43997
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights. CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:41 +0000 UTC Push: 2023-02-07 01:30:43 +0000 UTC |
Previous
407
408
409
410
411
412
413
414
Next