unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-4542
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:41 +0000 UTC Push: 2023-01-31 05:54:44 +0000 UTC
Live-Hack-CVE/CVE-2017-2786
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:38 +0000 UTC Push: 2023-01-31 05:54:40 +0000 UTC
Live-Hack-CVE/CVE-2022-4625
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:34 +0000 UTC Push: 2023-01-31 05:54:36 +0000 UTC
Live-Hack-CVE/CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:30 +0000 UTC Push: 2023-01-31 05:54:33 +0000 UTC
Live-Hack-CVE/CVE-2020-7588
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:27 +0000 UTC Push: 2023-01-31 05:54:29 +0000 UTC
Live-Hack-CVE/CVE-2020-7587
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:23 +0000 UTC Push: 2023-01-31 05:54:26 +0000 UTC
Live-Hack-CVE/CVE-2022-4650
The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:20 +0000 UTC Push: 2023-01-31 05:54:22 +0000 UTC
Live-Hack-CVE/CVE-2020-7581
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Se CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:16 +0000 UTC Push: 2023-01-31 05:54:18 +0000 UTC
Live-Hack-CVE/CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS part CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:12 +0000 UTC Push: 2023-01-31 05:54:15 +0000 UTC
Live-Hack-CVE/CVE-2019-1458
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:08 +0000 UTC Push: 2023-01-31 05:54:11 +0000 UTC
Live-Hack-CVE/CVE-2022-4668
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as ad CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:05 +0000 UTC Push: 2023-01-31 05:54:07 +0000 UTC
Live-Hack-CVE/CVE-2017-16349
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vul CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:01 +0000 UTC Push: 2023-01-31 05:54:03 +0000 UTC
Live-Hack-CVE/CVE-2020-14946
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:57 +0000 UTC Push: 2023-01-31 05:54:00 +0000 UTC
Live-Hack-CVE/CVE-2019-19726
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but f CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:54 +0000 UTC Push: 2023-01-31 05:53:56 +0000 UTC
Live-Hack-CVE/CVE-2019-19650
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:50 +0000 UTC Push: 2023-01-31 05:53:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4673
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:46 +0000 UTC Push: 2023-01-31 05:53:49 +0000 UTC
Live-Hack-CVE/CVE-2022-4627
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:42 +0000 UTC Push: 2023-01-31 05:53:45 +0000 UTC
Live-Hack-CVE/CVE-2021-24837
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:39 +0000 UTC Push: 2023-01-31 05:53:41 +0000 UTC
Live-Hack-CVE/CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:35 +0000 UTC Push: 2023-01-31 05:53:37 +0000 UTC
abbisQQ/CVE-2023-24610
This is a proof of concept for CVE-2023-24610
Create: 2023-01-31 05:33:46 +0000 UTC Push: 2023-01-31 05:34:34 +0000 UTC