unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0840
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the p CVE project by @Sn0wAlice
Create: 2023-02-15 23:39:59 +0000 UTC Push: 2023-02-15 23:40:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-23925
Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version CVE project by @Sn0wAlice
Create: 2023-02-15 23:39:54 +0000 UTC Push: 2023-02-15 23:39:57 +0000 UTC |
hotpotcookie/CVE-2022-44877-white-box
Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)
Create: 2023-02-15 23:22:48 +0000 UTC Push: 2023-03-09 21:26:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:34 +0000 UTC Push: 2023-02-15 19:12:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: S CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:30 +0000 UTC Push: 2023-02-15 19:12:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-42735
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege, low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/ CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:27 +0000 UTC Push: 2023-02-15 19:12:29 +0000 UTC |
j00sean/CVE-2022-44666
Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released in December 2022.
Create: 2023-02-15 18:12:04 +0000 UTC Push: 2023-06-18 18:43:08 +0000 UTC |
Live-Hack-CVE/CVE-2021-24487
The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged-in administrators set a malicious payload in it, CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:28 +0000 UTC Push: 2023-02-15 14:48:30 +0000 UTC |
Live-Hack-CVE/CVE-2021-24388
In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cr CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:24 +0000 UTC Push: 2023-02-15 14:48:26 +0000 UTC |
Live-Hack-CVE/CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:20 +0000 UTC Push: 2023-02-15 14:48:22 +0000 UTC |
Live-Hack-CVE/CVE-2019-11281
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authentic CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:16 +0000 UTC Push: 2023-02-15 14:48:19 +0000 UTC |
Live-Hack-CVE/CVE-2019-15018
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:13 +0000 UTC Push: 2023-02-15 14:48:15 +0000 UTC |
Live-Hack-CVE/CVE-2019-15020
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:08 +0000 UTC Push: 2023-02-15 14:48:10 +0000 UTC |
Live-Hack-CVE/CVE-2019-15019
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:04 +0000 UTC Push: 2023-02-15 14:48:07 +0000 UTC |
Live-Hack-CVE/CVE-2019-15023
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:01 +0000 UTC Push: 2023-02-15 14:48:03 +0000 UTC |
Live-Hack-CVE/CVE-2019-15022
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. CVE project by @Sn0wAlice
Create: 2023-02-15 14:47:57 +0000 UTC Push: 2023-02-15 14:47:59 +0000 UTC |
Live-Hack-CVE/CVE-2019-1584
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. CVE project by @Sn0wAlice
Create: 2023-02-15 14:47:53 +0000 UTC Push: 2023-02-15 14:47:56 +0000 UTC |
Live-Hack-CVE/CVE-2023-20949
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-259323 CVE project by @Sn0wAlice
Create: 2023-02-15 14:47:48 +0000 UTC Push: 2023-02-15 14:47:50 +0000 UTC |
Live-Hack-CVE/CVE-2023-20927
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-24 CVE project by @Sn0wAlice
Create: 2023-02-15 14:47:44 +0000 UTC Push: 2023-02-15 14:47:47 +0000 UTC |
Live-Hack-CVE/CVE-2022-32953
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI r CVE project by @Sn0wAlice
Create: 2023-02-15 14:47:41 +0000 UTC Push: 2023-02-15 14:47:43 +0000 UTC |