unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-22724
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the li CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:42 +0000 UTC Push: 2023-02-02 05:27:44 +0000 UTC |
Live-Hack-CVE/CVE-2023-22722
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate sess CVE project by @Sn0wAlice
Create: 2023-02-02 05:27:39 +0000 UTC Push: 2023-02-02 05:27:41 +0000 UTC |
Live-Hack-CVE/CVE-2023-22664
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:18 +0000 UTC Push: 2023-02-02 04:19:20 +0000 UTC |
Live-Hack-CVE/CVE-2023-22657
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:14 +0000 UTC Push: 2023-02-02 04:19:17 +0000 UTC |
Live-Hack-CVE/CVE-2023-22422
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:11 +0000 UTC Push: 2023-02-02 04:19:13 +0000 UTC |
Live-Hack-CVE/CVE-2023-22418
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirec CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:07 +0000 UTC Push: 2023-02-02 04:19:09 +0000 UTC |
Live-Hack-CVE/CVE-2023-22374
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:03 +0000 UTC Push: 2023-02-02 04:19:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-22358
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE project by @Sn0wAlice
Create: 2023-02-02 04:19:00 +0000 UTC Push: 2023-02-02 04:19:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-22341
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization End CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:56 +0000 UTC Push: 2023-02-02 04:18:58 +0000 UTC |
Live-Hack-CVE/CVE-2023-22340
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are n CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:52 +0000 UTC Push: 2023-02-02 04:18:54 +0000 UTC |
Live-Hack-CVE/CVE-2023-22323
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have re CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:49 +0000 UTC Push: 2023-02-02 04:18:51 +0000 UTC |
Live-Hack-CVE/CVE-2023-22326
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authent CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:46 +0000 UTC Push: 2023-02-02 04:18:48 +0000 UTC |
Live-Hack-CVE/CVE-2023-22302
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:42 +0000 UTC Push: 2023-02-02 04:18:44 +0000 UTC |
Live-Hack-CVE/CVE-2023-22283
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrati CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:38 +0000 UTC Push: 2023-02-02 04:18:40 +0000 UTC |
Live-Hack-CVE/CVE-2023-22281
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. No CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:33 +0000 UTC Push: 2023-02-02 04:18:35 +0000 UTC |
Live-Hack-CVE/CVE-2022-47983
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:29 +0000 UTC Push: 2023-02-02 04:18:32 +0000 UTC |
Live-Hack-CVE/CVE-2022-43922
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:26 +0000 UTC Push: 2023-02-02 04:18:28 +0000 UTC |
Live-Hack-CVE/CVE-2023-20922
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13 Andro CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:21 +0000 UTC Push: 2023-02-02 04:18:23 +0000 UTC |
Live-Hack-CVE/CVE-2023-20920
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android- CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:17 +0000 UTC Push: 2023-02-02 04:18:20 +0000 UTC |
Live-Hack-CVE/CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Ver CVE project by @Sn0wAlice
Create: 2023-02-02 04:18:13 +0000 UTC Push: 2023-02-02 04:18:16 +0000 UTC |