unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-32525
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:44 +0000 UTC Push: 2023-01-31 10:16:47 +0000 UTC
Live-Hack-CVE/CVE-2022-32524
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0 CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:41 +0000 UTC Push: 2023-01-31 10:16:43 +0000 UTC
Live-Hack-CVE/CVE-2022-32522
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Version CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:37 +0000 UTC Push: 2023-01-31 10:16:40 +0000 UTC
Live-Hack-CVE/CVE-2022-32521
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:34 +0000 UTC Push: 2023-01-31 10:16:36 +0000 UTC
Live-Hack-CVE/CVE-2022-32520
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:31 +0000 UTC Push: 2023-01-31 10:16:31 +0000 UTC
Live-Hack-CVE/CVE-2022-32519
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:27 +0000 UTC Push: 2023-01-31 10:16:29 +0000 UTC
Live-Hack-CVE/CVE-2022-32516
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:23 +0000 UTC Push: 2023-01-31 10:16:26 +0000 UTC
Live-Hack-CVE/CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions) CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:19 +0000 UTC Push: 2023-01-31 10:16:22 +0000 UTC
Live-Hack-CVE/CVE-2022-32513
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Version CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:16 +0000 UTC Push: 2023-01-31 10:16:18 +0000 UTC
Live-Hack-CVE/CVE-2022-26117
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:12 +0000 UTC Push: 2023-01-31 10:16:15 +0000 UTC
Live-Hack-CVE/CVE-2022-48176
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:09 +0000 UTC Push: 2023-01-31 10:16:11 +0000 UTC
Live-Hack-CVE/CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:05 +0000 UTC Push: 2023-01-31 10:16:07 +0000 UTC
Live-Hack-CVE/CVE-2022-4395
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:20 +0000 UTC Push: 2023-01-31 08:06:23 +0000 UTC
Live-Hack-CVE/CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:17 +0000 UTC Push: 2023-01-31 08:06:19 +0000 UTC
Live-Hack-CVE/CVE-2022-4306
The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:13 +0000 UTC Push: 2023-01-31 08:06:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4680
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:09 +0000 UTC Push: 2023-01-31 08:06:12 +0000 UTC
Live-Hack-CVE/CVE-2022-4671
The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:06 +0000 UTC Push: 2023-01-31 08:06:08 +0000 UTC
Live-Hack-CVE/CVE-2022-4831
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against h CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:01 +0000 UTC Push: 2023-01-31 08:06:05 +0000 UTC
Live-Hack-CVE/CVE-2022-4667
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:58 +0000 UTC Push: 2023-01-31 08:06:00 +0000 UTC
Live-Hack-CVE/CVE-2022-4793
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:54 +0000 UTC Push: 2023-01-31 08:05:56 +0000 UTC