unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0673
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:26 +0000 UTC Push: 2023-02-04 19:26:28 +0000 UTC
Live-Hack-CVE/CVE-2019-25101
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.1 CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:23 +0000 UTC Push: 2023-02-04 19:26:25 +0000 UTC
Live-Hack-CVE/CVE-2018-25080
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated CVE project by @Sn0wAlice
Create: 2023-02-04 19:26:19 +0000 UTC Push: 2023-02-04 19:26:21 +0000 UTC
Baikuya/CVE-2022-44268-PoC
CVE-2022-44268 PoC
Create: 2023-02-04 18:50:20 +0000 UTC Push: 2023-02-04 18:50:21 +0000 UTC
Live-Hack-CVE/CVE-2021-39217
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. CVE project by @Sn0wAlice
Create: 2023-02-04 15:06:10 +0000 UTC Push: 2023-02-04 15:06:12 +0000 UTC
Live-Hack-CVE/CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. CVE project by @Sn0wAlice
Create: 2023-02-04 15:06:04 +0000 UTC Push: 2023-02-04 15:06:06 +0000 UTC
Live-Hack-CVE/CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:58 +0000 UTC Push: 2023-02-04 15:06:01 +0000 UTC
Live-Hack-CVE/CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:54 +0000 UTC Push: 2023-02-04 15:05:56 +0000 UTC
Live-Hack-CVE/CVE-2022-48010
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or We CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:51 +0000 UTC Push: 2023-02-04 15:05:53 +0000 UTC
Live-Hack-CVE/CVE-2023-24438
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:46 +0000 UTC Push: 2023-02-04 15:05:48 +0000 UTC
Live-Hack-CVE/CVE-2023-24429
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extracti CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:43 +0000 UTC Push: 2023-02-04 15:05:45 +0000 UTC
Live-Hack-CVE/CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:40 +0000 UTC Push: 2023-02-04 15:05:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24439
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:37 +0000 UTC Push: 2023-02-04 15:05:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24440
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:33 +0000 UTC Push: 2023-02-04 15:05:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:28 +0000 UTC Push: 2023-02-04 15:05:30 +0000 UTC
Live-Hack-CVE/CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:25 +0000 UTC Push: 2023-02-04 15:05:27 +0000 UTC
Live-Hack-CVE/CVE-2023-24022
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:21 +0000 UTC Push: 2023-02-04 15:05:23 +0000 UTC
Live-Hack-CVE/CVE-2023-0671
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:18 +0000 UTC Push: 2023-02-04 15:05:20 +0000 UTC
Live-Hack-CVE/CVE-2018-25079
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:15 +0000 UTC Push: 2023-02-04 15:05:17 +0000 UTC
Live-Hack-CVE/CVE-2015-10072
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:11 +0000 UTC Push: 2023-02-04 15:05:13 +0000 UTC