Live-Hack-CVE/CVE-2019-10349 A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. CVE project by @Sn0wAlice Create: 2023-01-31 03:43:14 +0000 UTC Push: 2023-01-31 03:43:16 +0000 UTC |

Live-Hack-CVE/CVE-2019-10346 A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. CVE project by @Sn0wAlice Create: 2023-01-31 03:43:10 +0000 UTC Push: 2023-01-31 03:43:12 +0000 UTC |

Live-Hack-CVE/CVE-2019-10340 A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk CVE project by @Sn0wAlice Create: 2023-01-31 03:43:06 +0000 UTC Push: 2023-01-31 03:43:09 +0000 UTC |

Live-Hack-CVE/CVE-2019-11821 SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. CVE project by @Sn0wAlice Create: 2023-01-31 03:43:03 +0000 UTC Push: 2023-01-31 03:43:05 +0000 UTC |

Live-Hack-CVE/CVE-2019-13564 XSS exists in Ping Identity Agentless Integration Kit before 1.5. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:59 +0000 UTC Push: 2023-01-31 03:43:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-43975 An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:55 +0000 UTC Push: 2023-01-31 03:42:58 +0000 UTC |

Live-Hack-CVE/CVE-2019-11822 Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:51 +0000 UTC Push: 2023-01-31 03:42:53 +0000 UTC |

Live-Hack-CVE/CVE-2018-1893 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:47 +0000 UTC Push: 2023-01-31 03:42:49 +0000 UTC |

Live-Hack-CVE/CVE-2018-1828 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:43 +0000 UTC Push: 2023-01-31 03:42:46 +0000 UTC |

Live-Hack-CVE/CVE-2018-1892 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:39 +0000 UTC Push: 2023-01-31 03:42:42 +0000 UTC |

Live-Hack-CVE/CVE-2018-1827 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:35 +0000 UTC Push: 2023-01-31 03:42:37 +0000 UTC |

Live-Hack-CVE/CVE-2018-1826 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:31 +0000 UTC Push: 2023-01-31 03:42:33 +0000 UTC |

Live-Hack-CVE/CVE-2018-1760 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:27 +0000 UTC Push: 2023-01-31 03:42:30 +0000 UTC |

Live-Hack-CVE/CVE-2018-1734 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:24 +0000 UTC Push: 2023-01-31 03:42:26 +0000 UTC |

Live-Hack-CVE/CVE-2018-1758 IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148 CVE project by @Sn0wAlice Create: 2023-01-31 03:42:20 +0000 UTC Push: 2023-01-31 03:42:22 +0000 UTC |

Live-Hack-CVE/CVE-2019-4377 IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:16 +0000 UTC Push: 2023-01-31 03:42:18 +0000 UTC |

Live-Hack-CVE/CVE-2019-4382 IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:12 +0000 UTC Push: 2023-01-31 03:42:15 +0000 UTC |

Live-Hack-CVE/CVE-2019-13072 Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:08 +0000 UTC Push: 2023-01-31 03:42:11 +0000 UTC |

Live-Hack-CVE/CVE-2018-2013 IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. CVE project by @Sn0wAlice Create: 2023-01-31 03:42:05 +0000 UTC Push: 2023-01-31 03:42:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-11206 The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Ana CVE project by @Sn0wAlice Create: 2023-01-31 03:42:00 +0000 UTC Push: 2023-01-31 03:42:03 +0000 UTC |