unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-46093
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:01 +0000 UTC Push: 2023-01-14 07:48:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-21589
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:38:03 +0000 UTC Push: 2023-01-14 05:38:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-21588
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:59 +0000 UTC Push: 2023-01-14 05:38:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-21587
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:55 +0000 UTC Push: 2023-01-14 05:37:57 +0000 UTC |
Live-Hack-CVE/CVE-2023-0295
The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:51 +0000 UTC Push: 2023-01-14 05:37:53 +0000 UTC |
Live-Hack-CVE/CVE-2023-0294
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:47 +0000 UTC Push: 2023-01-14 05:37:48 +0000 UTC |
Live-Hack-CVE/CVE-2023-0293
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, wh CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:42 +0000 UTC Push: 2023-01-14 05:37:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-46956
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:38 +0000 UTC Push: 2023-01-14 05:37:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:34 +0000 UTC Push: 2023-01-14 05:37:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-46954
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:30 +0000 UTC Push: 2023-01-14 05:37:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-46953
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:26 +0000 UTC Push: 2023-01-14 05:37:28 +0000 UTC |
Live-Hack-CVE/CVE-2022-46952
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:22 +0000 UTC Push: 2023-01-14 05:37:24 +0000 UTC |
Live-Hack-CVE/CVE-2022-46951
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:19 +0000 UTC Push: 2023-01-14 05:37:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-46950
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:14 +0000 UTC Push: 2023-01-14 05:37:17 +0000 UTC |
Live-Hack-CVE/CVE-2022-46949
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:10 +0000 UTC Push: 2023-01-14 05:37:13 +0000 UTC |
Live-Hack-CVE/CVE-2022-46947
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:05 +0000 UTC Push: 2023-01-14 05:37:08 +0000 UTC |
Live-Hack-CVE/CVE-2022-46946
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:01 +0000 UTC Push: 2023-01-14 05:37:04 +0000 UTC |
Live-Hack-CVE/CVE-2015-10041
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cb CVE project by @Sn0wAlice
Create: 2023-01-14 05:36:57 +0000 UTC Push: 2023-01-14 05:36:59 +0000 UTC |
Live-Hack-CVE/CVE-2015-10040
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The name of the patch is 3faa5deaa50901 CVE project by @Sn0wAlice
Create: 2023-01-14 05:36:53 +0000 UTC Push: 2023-01-14 05:36:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-38491
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. CVE project by @Sn0wAlice
Create: 2023-01-14 05:36:48 +0000 UTC Push: 2023-01-14 05:36:51 +0000 UTC |
Previous
1054
1055
1056
1057
1058
1059
1060
1061
Next