Live-Hack-CVE/CVE-2023-0532 A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit CVE project by @Sn0wAlice Create: 2023-01-27 21:56:54 +0000 UTC Push: 2023-01-27 21:56:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-0531 A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been CVE project by @Sn0wAlice Create: 2023-01-27 21:56:50 +0000 UTC Push: 2023-01-27 21:56:52 +0000 UTC |

Live-Hack-CVE/CVE-2023-0530 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been d CVE project by @Sn0wAlice Create: 2023-01-27 21:56:46 +0000 UTC Push: 2023-01-27 21:56:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-0529 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been di CVE project by @Sn0wAlice Create: 2023-01-27 21:56:43 +0000 UTC Push: 2023-01-27 21:56:45 +0000 UTC |

Live-Hack-CVE/CVE-2023-0528 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed CVE project by @Sn0wAlice Create: 2023-01-27 21:56:39 +0000 UTC Push: 2023-01-27 21:56:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-0527 A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site sc CVE project by @Sn0wAlice Create: 2023-01-27 21:56:36 +0000 UTC Push: 2023-01-27 21:56:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-48120 SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. CVE project by @Sn0wAlice Create: 2023-01-27 21:56:32 +0000 UTC Push: 2023-01-27 21:56:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-48152 SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. CVE project by @Sn0wAlice Create: 2023-01-27 21:56:28 +0000 UTC Push: 2023-01-27 21:56:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-47747 kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. CVE project by @Sn0wAlice Create: 2023-01-27 21:56:25 +0000 UTC Push: 2023-01-27 21:56:27 +0000 UTC |

Live-Hack-CVE/CVE-2021-44226 Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. CVE project by @Sn0wAlice Create: 2023-01-27 19:46:17 +0000 UTC Push: 2023-01-27 19:46:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-2712 In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. CVE project by @Sn0wAlice Create: 2023-01-27 19:46:12 +0000 UTC Push: 2023-01-27 19:46:15 +0000 UTC |

0xlilim/CVE-2021-3129 Create: 2023-01-27 18:23:05 +0000 UTC Push: 2023-01-27 18:23:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-22740 Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionall CVE project by @Sn0wAlice Create: 2023-01-27 14:21:03 +0000 UTC Push: 2023-01-27 14:21:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-24060 Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have num CVE project by @Sn0wAlice Create: 2023-01-27 14:20:59 +0000 UTC Push: 2023-01-27 14:21:02 +0000 UTC |

Live-Hack-CVE/CVE-2020-36659 In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. CVE project by @Sn0wAlice Create: 2023-01-27 14:20:56 +0000 UTC Push: 2023-01-27 14:20:58 +0000 UTC |

Live-Hack-CVE/CVE-2020-36658 In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. CVE project by @Sn0wAlice Create: 2023-01-27 14:20:52 +0000 UTC Push: 2023-01-27 14:20:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-0519 Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-01-27 09:47:04 +0000 UTC Push: 2023-01-27 09:47:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0493 Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. CVE project by @Sn0wAlice Create: 2023-01-27 09:47:00 +0000 UTC Push: 2023-01-27 09:47:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-46967 An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. CVE project by @Sn0wAlice Create: 2023-01-27 09:46:57 +0000 UTC Push: 2023-01-27 09:46:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-46966 Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. CVE project by @Sn0wAlice Create: 2023-01-27 09:46:53 +0000 UTC Push: 2023-01-27 09:46:56 +0000 UTC |