Live-Hack-CVE/CVE-2013-10017 A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a pa CVE project by @Sn0wAlice Create: 2023-02-04 09:28:16 +0000 UTC Push: 2023-02-04 09:28:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-28711 A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:12 +0000 UTC Push: 2023-02-04 09:28:15 +0000 UTC |

Live-Hack-CVE/CVE-2019-15015 In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:09 +0000 UTC Push: 2023-02-04 09:28:11 +0000 UTC |

Live-Hack-CVE/CVE-2019-15016 An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:05 +0000 UTC Push: 2023-02-04 09:28:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-15017 The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:02 +0000 UTC Push: 2023-02-04 09:28:04 +0000 UTC |

Live-Hack-CVE/CVE-2019-16972 In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:33 +0000 UTC Push: 2023-02-04 08:21:35 +0000 UTC |

Live-Hack-CVE/CVE-2019-16968 An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:29 +0000 UTC Push: 2023-02-04 08:21:31 +0000 UTC |

Live-Hack-CVE/CVE-2019-16965 resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:26 +0000 UTC Push: 2023-02-04 08:21:28 +0000 UTC |

Live-Hack-CVE/CVE-2019-17671 In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:22 +0000 UTC Push: 2023-02-04 08:21:25 +0000 UTC |

Live-Hack-CVE/CVE-2019-17672 WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:18 +0000 UTC Push: 2023-02-04 08:21:20 +0000 UTC |

Live-Hack-CVE/CVE-2019-17675 WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:14 +0000 UTC Push: 2023-02-04 08:21:17 +0000 UTC |

Live-Hack-CVE/CVE-2019-17674 WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. CVE project by @Sn0wAlice Create: 2023-02-04 08:21:11 +0000 UTC Push: 2023-02-04 08:21:13 +0000 UTC |

Live-Hack-CVE/CVE-2019-2924 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice Create: 2023-02-04 08:21:05 +0000 UTC Push: 2023-02-04 08:21:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-2920 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu CVE project by @Sn0wAlice Create: 2023-02-04 08:21:01 +0000 UTC Push: 2023-02-04 08:21:03 +0000 UTC |

Live-Hack-CVE/CVE-2019-2922 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice Create: 2023-02-04 08:20:57 +0000 UTC Push: 2023-02-04 08:21:00 +0000 UTC |

Live-Hack-CVE/CVE-2019-2923 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice Create: 2023-02-04 08:20:54 +0000 UTC Push: 2023-02-04 08:20:56 +0000 UTC |

Live-Hack-CVE/CVE-2019-16095 Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. CVE project by @Sn0wAlice Create: 2023-02-04 08:20:51 +0000 UTC Push: 2023-02-04 08:20:53 +0000 UTC |

Live-Hack-CVE/CVE-2019-16094 Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice Create: 2023-02-04 08:20:47 +0000 UTC Push: 2023-02-04 08:20:50 +0000 UTC |

Live-Hack-CVE/CVE-2019-16093 Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice Create: 2023-02-04 08:20:44 +0000 UTC Push: 2023-02-04 08:20:46 +0000 UTC |

Live-Hack-CVE/CVE-2019-16092 Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. CVE project by @Sn0wAlice Create: 2023-02-04 08:20:41 +0000 UTC Push: 2023-02-04 08:20:43 +0000 UTC |