Cardtibe/Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022 Create: 2023-01-24 20:52:54 +0000 UTC Push: 2023-01-24 20:52:55 +0000 UTC |

Cardtibe/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022 Create: 2023-01-24 20:52:24 +0000 UTC Push: 2023-01-24 20:52:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-4554 B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347. CVE project by @Sn0wAlice Create: 2023-01-24 20:08:40 +0000 UTC Push: 2023-01-24 20:08:43 +0000 UTC |

mutur4/CVE-2022-0847 This is a repo to showcase the dirty pipe Linux Kernel Vulnerability. Create: 2023-01-24 16:44:32 +0000 UTC Push: 2023-01-24 16:44:33 +0000 UTC |

t3l3machus/CVE-2023-22960 This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication. Create: 2023-01-24 16:33:19 +0000 UTC Push: 2023-01-24 20:23:31 +0000 UTC |

mutur4/CVE-2021-4034 Create: 2023-01-24 16:29:44 +0000 UTC Push: 2023-01-24 16:29:45 +0000 UTC |

Live-Hack-CVE/CVE-2020-5313 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. CVE project by @Sn0wAlice Create: 2023-01-24 14:41:05 +0000 UTC Push: 2023-01-24 14:41:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-10056 A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to exec CVE project by @Sn0wAlice Create: 2023-01-24 14:41:01 +0000 UTC Push: 2023-01-24 14:41:04 +0000 UTC |

Live-Hack-CVE/CVE-2013-0898 Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:56 +0000 UTC Push: 2023-01-24 14:41:00 +0000 UTC |

Live-Hack-CVE/CVE-2013-0880 Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:53 +0000 UTC Push: 2023-01-24 14:40:55 +0000 UTC |

Live-Hack-CVE/CVE-2020-5395 FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:49 +0000 UTC Push: 2023-01-24 14:40:51 +0000 UTC |

Live-Hack-CVE/CVE-2020-5496 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:46 +0000 UTC Push: 2023-01-24 14:40:48 +0000 UTC |

Live-Hack-CVE/CVE-2020-5497 The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:42 +0000 UTC Push: 2023-01-24 14:40:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-25044 The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:38 +0000 UTC Push: 2023-01-24 14:40:41 +0000 UTC |

Live-Hack-CVE/CVE-2013-7490 An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:35 +0000 UTC Push: 2023-01-24 14:40:37 +0000 UTC |

Live-Hack-CVE/CVE-2020-15094 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate CVE project by @Sn0wAlice Create: 2023-01-24 14:40:31 +0000 UTC Push: 2023-01-24 14:40:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-25269 An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:28 +0000 UTC Push: 2023-01-24 14:40:30 +0000 UTC |

Live-Hack-CVE/CVE-2019-20382 QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:24 +0000 UTC Push: 2023-01-24 14:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2019-18860 Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:20 +0000 UTC Push: 2023-01-24 14:40:23 +0000 UTC |

Live-Hack-CVE/CVE-2021-29024 In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication. CVE project by @Sn0wAlice Create: 2023-01-24 14:40:17 +0000 UTC Push: 2023-01-24 14:40:19 +0000 UTC |