Live-Hack-CVE/CVE-2023-0266 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c CVE project by @Sn0wAlice Create: 2023-01-30 23:20:07 +0000 UTC Push: 2023-01-30 23:20:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0240 There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or CVE project by @Sn0wAlice Create: 2023-01-30 23:20:03 +0000 UTC Push: 2023-01-30 23:20:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-45788 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxur CVE project by @Sn0wAlice Create: 2023-01-30 23:19:58 +0000 UTC Push: 2023-01-30 23:20:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-20007 A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of se CVE project by @Sn0wAlice Create: 2023-01-30 23:19:54 +0000 UTC Push: 2023-01-30 23:19:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-42484 An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-30 22:14:50 +0000 UTC Push: 2023-01-30 22:14:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-38451 A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-30 22:14:46 +0000 UTC Push: 2023-01-30 22:14:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-2988 A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC(V2.1.0 and prior), EcoStruxure Machine Expert – HVAC(V1.4.0 and prior). CVE project by @Sn0wAlice Create: 2023-01-30 22:14:41 +0000 UTC Push: 2023-01-30 22:14:45 +0000 UTC |

ATTACKnDEFEND/CVE-2023-24055-POC PowerShell POC for CVE-2023-24055 Create: 2023-01-30 21:22:22 +0000 UTC Push: 2023-02-05 03:42:34 +0000 UTC |

ATTACKnDEFEND/CVE-2023-24055 PowerShell POC for CVE-2023-24055 Create: 2023-01-30 21:22:22 +0000 UTC Push: 2023-02-02 22:59:55 +0000 UTC |

hacksysteam/CVE-2023-21608 Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit Create: 2023-01-30 20:57:48 +0000 UTC Push: 2023-02-02 20:37:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-22332 Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and CVE project by @Sn0wAlice Create: 2023-01-30 20:04:00 +0000 UTC Push: 2023-01-30 20:04:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-22322 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:57 +0000 UTC Push: 2023-01-30 20:03:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-22333 Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:53 +0000 UTC Push: 2023-01-30 20:03:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-22324 SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:49 +0000 UTC Push: 2023-01-30 20:03:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-46359 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:45 +0000 UTC Push: 2023-01-30 20:03:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-46358 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:42 +0000 UTC Push: 2023-01-30 20:03:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-46357 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:37 +0000 UTC Push: 2023-01-30 20:03:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-46356 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-30 20:03:34 +0000 UTC Push: 2023-01-30 20:03:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-0474 Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-30 20:03:30 +0000 UTC Push: 2023-01-30 20:03:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-0473 Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-30 20:03:26 +0000 UTC Push: 2023-01-30 20:03:28 +0000 UTC |