unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's co CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:34 +0000 UTC Push: 2023-01-28 07:52:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:30 +0000 UTC Push: 2023-01-28 07:52:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-4205
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:27 +0000 UTC Push: 2023-01-28 07:52:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:23 +0000 UTC Push: 2023-01-28 07:52:26 +0000 UTC |
Live-Hack-CVE/CVE-2022-46968
A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:20 +0000 UTC Push: 2023-01-28 07:52:22 +0000 UTC |
Live-Hack-CVE/CVE-2022-43980
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:17 +0000 UTC Push: 2023-01-28 07:52:19 +0000 UTC |
Live-Hack-CVE/CVE-2022-43979
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to inclu CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:13 +0000 UTC Push: 2023-01-28 07:52:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-43978
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authenticati CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:10 +0000 UTC Push: 2023-01-28 07:52:12 +0000 UTC |
Live-Hack-CVE/CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be tr CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:06 +0000 UTC Push: 2023-01-28 07:52:08 +0000 UTC |
Live-Hack-CVE/CVE-2022-39812
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does no CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:03 +0000 UTC Push: 2023-01-28 07:52:05 +0000 UTC |
Live-Hack-CVE/CVE-2022-39811
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without CVE project by @Sn0wAlice
Create: 2023-01-28 07:51:59 +0000 UTC Push: 2023-01-28 07:52:01 +0000 UTC |
Live-Hack-CVE/CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:14 +0000 UTC Push: 2023-01-28 05:41:16 +0000 UTC |
Live-Hack-CVE/CVE-2022-32952
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:10 +0000 UTC Push: 2023-01-28 05:41:13 +0000 UTC |
Live-Hack-CVE/CVE-2022-32472
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:07 +0000 UTC Push: 2023-01-28 05:41:09 +0000 UTC |
Live-Hack-CVE/CVE-2022-42400
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:03 +0000 UTC Push: 2023-01-28 05:41:06 +0000 UTC |
Live-Hack-CVE/CVE-2022-42399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:00 +0000 UTC Push: 2023-01-28 05:41:02 +0000 UTC |
Live-Hack-CVE/CVE-2022-42407
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:55 +0000 UTC Push: 2023-01-28 05:40:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-42406
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:50 +0000 UTC Push: 2023-01-28 05:40:53 +0000 UTC |
Live-Hack-CVE/CVE-2022-42405
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:47 +0000 UTC Push: 2023-01-28 05:40:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-42403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:43 +0000 UTC Push: 2023-01-28 05:40:46 +0000 UTC |