Live-Hack-CVE/CVE-2022-42403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:43 +0000 UTC Push: 2023-01-28 05:40:46 +0000 UTC |
Live-Hack-CVE/CVE-2020-14073
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:38 +0000 UTC Push: 2023-01-28 05:40:41 +0000 UTC |
Live-Hack-CVE/CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional sc CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:35 +0000 UTC Push: 2023-01-28 05:40:37 +0000 UTC |
Live-Hack-CVE/CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:31 +0000 UTC Push: 2023-01-28 05:40:33 +0000 UTC |
Live-Hack-CVE/CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:28 +0000 UTC Push: 2023-01-28 05:40:30 +0000 UTC |
Live-Hack-CVE/CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:24 +0000 UTC Push: 2023-01-28 05:40:26 +0000 UTC |
Live-Hack-CVE/CVE-2020-16207
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:20 +0000 UTC Push: 2023-01-28 05:40:22 +0000 UTC |
Live-Hack-CVE/CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:16 +0000 UTC Push: 2023-01-28 05:40:18 +0000 UTC |
Live-Hack-CVE/CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:12 +0000 UTC Push: 2023-01-28 05:40:15 +0000 UTC |
Live-Hack-CVE/CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional p CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:09 +0000 UTC Push: 2023-01-28 05:40:11 +0000 UTC |
Live-Hack-CVE/CVE-2020-14968
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creati CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:05 +0000 UTC Push: 2023-01-28 05:40:07 +0000 UTC |
Live-Hack-CVE/CVE-2017-2788
A buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requ CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:01 +0000 UTC Push: 2023-01-28 05:40:03 +0000 UTC |
Live-Hack-CVE/CVE-2017-2820
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerabil CVE project by @Sn0wAlice
Create: 2023-01-28 05:39:58 +0000 UTC Push: 2023-01-28 05:40:00 +0000 UTC |
Live-Hack-CVE/CVE-2017-14448
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-28 05:39:54 +0000 UTC Push: 2023-01-28 05:39:56 +0000 UTC |
waspthebughunter/CVE-2022-47873
Proof Of Concept for CVE-2022-47873 KEOS Software
Create: 2023-01-28 05:03:37 +0000 UTC Push: 2023-01-28 05:22:01 +0000 UTC |
Live-Hack-CVE/CVE-2020-1751
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnera CVE project by @Sn0wAlice
Create: 2023-01-28 03:29:30 +0000 UTC Push: 2023-01-28 03:29:32 +0000 UTC |
Live-Hack-CVE/CVE-2018-6692
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. CVE project by @Sn0wAlice
Create: 2023-01-28 03:29:26 +0000 UTC Push: 2023-01-28 03:29:28 +0000 UTC |
Live-Hack-CVE/CVE-2018-6677
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-01-28 03:29:22 +0000 UTC Push: 2023-01-28 03:29:25 +0000 UTC |
Live-Hack-CVE/CVE-2018-6590
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-28 03:29:19 +0000 UTC Push: 2023-01-28 03:29:21 +0000 UTC |
Live-Hack-CVE/CVE-2018-6686
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. CVE project by @Sn0wAlice
Create: 2023-01-28 03:29:15 +0000 UTC Push: 2023-01-28 03:29:17 +0000 UTC |