Live-Hack-CVE/CVE-2018-17581 CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CVE project by @Sn0wAlice Create: 2023-01-14 01:15:07 +0000 UTC Push: 2023-01-14 01:15:11 +0000 UTC |

Live-Hack-CVE/CVE-2018-8976 In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. CVE project by @Sn0wAlice Create: 2023-01-14 01:15:03 +0000 UTC Push: 2023-01-14 01:15:06 +0000 UTC |

Live-Hack-CVE/CVE-2018-19535 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:59 +0000 UTC Push: 2023-01-14 01:15:02 +0000 UTC |

Live-Hack-CVE/CVE-2018-19108 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:54 +0000 UTC Push: 2023-01-14 01:14:57 +0000 UTC |

Live-Hack-CVE/CVE-2017-14864 An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:49 +0000 UTC Push: 2023-01-14 01:14:52 +0000 UTC |

Live-Hack-CVE/CVE-2017-18005 Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:44 +0000 UTC Push: 2023-01-14 01:14:47 +0000 UTC |

Live-Hack-CVE/CVE-2017-17669 There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:41 +0000 UTC Push: 2023-01-14 01:14:43 +0000 UTC |

Live-Hack-CVE/CVE-2017-11591 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:36 +0000 UTC Push: 2023-01-14 01:14:39 +0000 UTC |

Live-Hack-CVE/CVE-2017-14862 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:32 +0000 UTC Push: 2023-01-14 01:14:35 +0000 UTC |

Live-Hack-CVE/CVE-2018-20097 There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. CVE project by @Sn0wAlice Create: 2023-01-14 01:14:28 +0000 UTC Push: 2023-01-14 01:14:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-47860 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. CVE project by @Sn0wAlice Create: 2023-01-14 00:08:13 +0000 UTC Push: 2023-01-14 00:08:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-47859 Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. CVE project by @Sn0wAlice Create: 2023-01-14 00:08:08 +0000 UTC Push: 2023-01-14 00:08:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-47864 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. CVE project by @Sn0wAlice Create: 2023-01-14 00:08:03 +0000 UTC Push: 2023-01-14 00:08:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-47862 Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. CVE project by @Sn0wAlice Create: 2023-01-14 00:07:57 +0000 UTC Push: 2023-01-14 00:08:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-47861 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. CVE project by @Sn0wAlice Create: 2023-01-14 00:07:52 +0000 UTC Push: 2023-01-14 00:07:56 +0000 UTC |

Live-Hack-CVE/CVE-2020-36626 A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed CVE project by @Sn0wAlice Create: 2023-01-14 00:07:44 +0000 UTC Push: 2023-01-14 00:07:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-47083 Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. CVE project by @Sn0wAlice Create: 2023-01-14 00:07:40 +0000 UTC Push: 2023-01-14 00:07:43 +0000 UTC |

WellingtonEspindula/SSI-CVE-2022-21661 Information System's Security 2nd Assignment Create: 2023-01-13 21:31:34 +0000 UTC Push: 2023-01-20 22:05:21 +0000 UTC |

offalltn/CVE-2022-45299 CVE 2022-45299 Create: 2023-01-13 19:47:02 +0000 UTC Push: 2023-01-13 19:58:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-4710 The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthentica CVE project by @Sn0wAlice Create: 2023-01-13 19:41:46 +0000 UTC Push: 2023-01-13 19:41:48 +0000 UTC |