Live-Hack-CVE/CVE-2018-2011 IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. CVE project by @Sn0wAlice Create: 2023-01-31 03:41:56 +0000 UTC Push: 2023-01-31 03:41:59 +0000 UTC |

choda225/CvecaraAplikacija2021271025 Create: 2023-01-31 01:38:18 +0000 UTC Push: 2023-01-31 01:38:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-38490 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. CVE project by @Sn0wAlice Create: 2023-01-31 01:31:22 +0000 UTC Push: 2023-01-31 01:31:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-3145 An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. CVE project by @Sn0wAlice Create: 2023-01-31 01:31:17 +0000 UTC Push: 2023-01-31 01:31:20 +0000 UTC |

Live-Hack-CVE/CVE-2018-3734 stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice Create: 2023-01-31 01:31:10 +0000 UTC Push: 2023-01-31 01:31:12 +0000 UTC |

Live-Hack-CVE/CVE-2018-3715 glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice Create: 2023-01-31 01:31:06 +0000 UTC Push: 2023-01-31 01:31:08 +0000 UTC |

Live-Hack-CVE/CVE-2018-3746 The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. CVE project by @Sn0wAlice Create: 2023-01-31 01:31:01 +0000 UTC Push: 2023-01-31 01:31:04 +0000 UTC |

Live-Hack-CVE/CVE-2018-3743 Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:58 +0000 UTC Push: 2023-01-31 01:31:00 +0000 UTC |

Live-Hack-CVE/CVE-2018-3730 mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:54 +0000 UTC Push: 2023-01-31 01:30:56 +0000 UTC |

Live-Hack-CVE/CVE-2018-3744 The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:50 +0000 UTC Push: 2023-01-31 01:30:53 +0000 UTC |

Live-Hack-CVE/CVE-2019-12181 A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:45 +0000 UTC Push: 2023-01-31 01:30:48 +0000 UTC |

Live-Hack-CVE/CVE-2017-1107 IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:41 +0000 UTC Push: 2023-01-31 01:30:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-4364 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:38 +0000 UTC Push: 2023-01-31 01:30:40 +0000 UTC |

Live-Hack-CVE/CVE-2019-4385 IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:33 +0000 UTC Push: 2023-01-31 01:30:36 +0000 UTC |

Live-Hack-CVE/CVE-2019-4384 IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:30 +0000 UTC Push: 2023-01-31 01:30:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-3731 public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:26 +0000 UTC Push: 2023-01-31 01:30:28 +0000 UTC |

Live-Hack-CVE/CVE-2018-3725 hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:22 +0000 UTC Push: 2023-01-31 01:30:25 +0000 UTC |

Live-Hack-CVE/CVE-2018-20469 An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:18 +0000 UTC Push: 2023-01-31 01:30:21 +0000 UTC |

Live-Hack-CVE/CVE-2018-1845 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:14 +0000 UTC Push: 2023-01-31 01:30:17 +0000 UTC |

Live-Hack-CVE/CVE-2018-20470 An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. CVE project by @Sn0wAlice Create: 2023-01-31 01:30:11 +0000 UTC Push: 2023-01-31 01:30:13 +0000 UTC |