unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action could lead an attacker to store arbitrary code in those files and execute RCE commands. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:24 +0000 UTC Push: 2023-01-14 07:48:29 +0000 UTC
Live-Hack-CVE/CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:20 +0000 UTC Push: 2023-01-14 07:48:23 +0000 UTC
Live-Hack-CVE/CVE-2017-20169
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:15 +0000 UTC Push: 2023-01-14 07:48:18 +0000 UTC
Live-Hack-CVE/CVE-2015-10042
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:11 +0000 UTC Push: 2023-01-14 07:48:14 +0000 UTC
Live-Hack-CVE/CVE-2022-32294
** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:07 +0000 UTC Push: 2023-01-14 07:48:10 +0000 UTC
Live-Hack-CVE/CVE-2022-46093
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:01 +0000 UTC Push: 2023-01-14 07:48:05 +0000 UTC
Live-Hack-CVE/CVE-2023-21589
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:38:03 +0000 UTC Push: 2023-01-14 05:38:05 +0000 UTC
Live-Hack-CVE/CVE-2023-21588
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:59 +0000 UTC Push: 2023-01-14 05:38:02 +0000 UTC
Live-Hack-CVE/CVE-2023-21587
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:55 +0000 UTC Push: 2023-01-14 05:37:57 +0000 UTC
Live-Hack-CVE/CVE-2023-0295
The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:51 +0000 UTC Push: 2023-01-14 05:37:53 +0000 UTC
Live-Hack-CVE/CVE-2023-0294
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:47 +0000 UTC Push: 2023-01-14 05:37:48 +0000 UTC
Live-Hack-CVE/CVE-2023-0293
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, wh CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:42 +0000 UTC Push: 2023-01-14 05:37:45 +0000 UTC
Live-Hack-CVE/CVE-2022-46956
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:38 +0000 UTC Push: 2023-01-14 05:37:41 +0000 UTC
Live-Hack-CVE/CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:34 +0000 UTC Push: 2023-01-14 05:37:37 +0000 UTC
Live-Hack-CVE/CVE-2022-46954
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:30 +0000 UTC Push: 2023-01-14 05:37:33 +0000 UTC
Live-Hack-CVE/CVE-2022-46953
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:26 +0000 UTC Push: 2023-01-14 05:37:28 +0000 UTC
Live-Hack-CVE/CVE-2022-46952
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:22 +0000 UTC Push: 2023-01-14 05:37:24 +0000 UTC
Live-Hack-CVE/CVE-2022-46951
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:19 +0000 UTC Push: 2023-01-14 05:37:21 +0000 UTC
Live-Hack-CVE/CVE-2022-46950
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:14 +0000 UTC Push: 2023-01-14 05:37:17 +0000 UTC
Live-Hack-CVE/CVE-2022-46949
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:10 +0000 UTC Push: 2023-01-14 05:37:13 +0000 UTC