unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-20020
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input va CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:29 +0000 UTC Push: 2023-02-07 01:30:32 +0000 UTC
Live-Hack-CVE/CVE-2023-20019
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of a CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:26 +0000 UTC Push: 2023-02-07 01:30:28 +0000 UTC
Live-Hack-CVE/CVE-2023-0321
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:22 +0000 UTC Push: 2023-02-07 01:30:24 +0000 UTC
Live-Hack-CVE/CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:18 +0000 UTC Push: 2023-02-07 01:30:21 +0000 UTC
Live-Hack-CVE/CVE-2023-0229
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "run CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:14 +0000 UTC Push: 2023-02-07 01:30:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4510
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can CVE project by @Sn0wAlice
Create: 2023-02-07 01:30:10 +0000 UTC Push: 2023-02-07 01:30:12 +0000 UTC
Live-Hack-CVE/CVE-2022-27852
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:47 +0000 UTC Push: 2023-02-06 23:16:49 +0000 UTC
Live-Hack-CVE/CVE-2023-0679
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:43 +0000 UTC Push: 2023-02-06 23:16:45 +0000 UTC
Live-Hack-CVE/CVE-2022-45722
ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:39 +0000 UTC Push: 2023-02-06 23:16:42 +0000 UTC
Live-Hack-CVE/CVE-2022-29416
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:35 +0000 UTC Push: 2023-02-06 23:16:38 +0000 UTC
Live-Hack-CVE/CVE-2022-27628
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:31 +0000 UTC Push: 2023-02-06 23:16:34 +0000 UTC
Live-Hack-CVE/CVE-2022-48164
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:28 +0000 UTC Push: 2023-02-06 23:16:30 +0000 UTC
Live-Hack-CVE/CVE-2022-48085
Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:24 +0000 UTC Push: 2023-02-06 23:16:26 +0000 UTC
Live-Hack-CVE/CVE-2022-44343
CRMEB 4.4.4 is vulnerable to Any File download. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:20 +0000 UTC Push: 2023-02-06 23:16:23 +0000 UTC
Live-Hack-CVE/CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:16 +0000 UTC Push: 2023-02-06 23:16:19 +0000 UTC
Live-Hack-CVE/CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:13 +0000 UTC Push: 2023-02-06 23:16:15 +0000 UTC
Live-Hack-CVE/CVE-2021-36224
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:09 +0000 UTC Push: 2023-02-06 23:16:11 +0000 UTC
Live-Hack-CVE/CVE-2023-24057
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). CVE project by @Sn0wAlice
Create: 2023-02-06 23:16:03 +0000 UTC Push: 2023-02-06 23:16:06 +0000 UTC
Live-Hack-CVE/CVE-2021-3322
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= 2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 CVE project by @Sn0wAlice
Create: 2023-02-06 23:15:59 +0000 UTC Push: 2023-02-06 23:16:02 +0000 UTC
Live-Hack-CVE/CVE-2022-47065
** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only af CVE project by @Sn0wAlice
Create: 2023-02-06 23:15:53 +0000 UTC Push: 2023-02-06 23:15:56 +0000 UTC