unSafe.sh - Not Safe
n3m1dotsys/CVE-2023-22809-sudoedit-privesc
A script to automate privilege escalation with CVE-2023-22809 vulnerability
Create: 2023-01-21 23:19:23 +0000 UTC Push: 2023-01-21 23:19:23 +0000 UTC
0xless/CVE-2022-44900-demo-lab
Demo webapp vulnerable to CVE-2022-44900
Create: 2023-01-21 22:52:59 +0000 UTC Push: 2023-01-21 22:52:59 +0000 UTC
Marsel-marsel/CVE-2022-45770
LPE exploit via windows driver
Create: 2023-01-21 18:32:02 +0000 UTC Push: 2023-01-21 18:32:03 +0000 UTC
Live-Hack-CVE/CVE-2023-24038
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. CVE project by @Sn0wAlice
Create: 2023-01-21 15:10:05 +0000 UTC Push: 2023-01-21 15:10:08 +0000 UTC
Live-Hack-CVE/CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. CVE project by @Sn0wAlice
Create: 2023-01-21 15:10:01 +0000 UTC Push: 2023-01-21 15:10:04 +0000 UTC
Live-Hack-CVE/CVE-2023-24042
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:58 +0000 UTC Push: 2023-01-21 15:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-24040
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows th CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:55 +0000 UTC Push: 2023-01-21 15:09:57 +0000 UTC
Live-Hack-CVE/CVE-2023-24039
** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:51 +0000 UTC Push: 2023-01-21 15:09:53 +0000 UTC
Live-Hack-CVE/CVE-2021-43138
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:48 +0000 UTC Push: 2023-01-21 15:09:50 +0000 UTC
Live-Hack-CVE/CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if CVE project by @Sn0wAlice
Create: 2023-01-21 09:37:12 +0000 UTC Push: 2023-01-21 09:37:14 +0000 UTC
TurtleARM/CVE-2023-0179-PoC
Create: 2023-01-21 09:02:01 +0000 UTC Push: 2023-01-21 09:02:02 +0000 UTC
Live-Hack-CVE/CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:42 +0000 UTC Push: 2023-01-21 07:23:45 +0000 UTC
Live-Hack-CVE/CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response in CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:38 +0000 UTC Push: 2023-01-21 07:23:40 +0000 UTC
Live-Hack-CVE/CVE-2023-24025
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:34 +0000 UTC Push: 2023-01-21 07:23:36 +0000 UTC
Live-Hack-CVE/CVE-2023-23607
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the s CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:30 +0000 UTC Push: 2023-01-21 07:23:32 +0000 UTC
Live-Hack-CVE/CVE-2021-33642
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:27 +0000 UTC Push: 2023-01-21 07:23:29 +0000 UTC
Live-Hack-CVE/CVE-2021-33641
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:23 +0000 UTC Push: 2023-01-21 07:23:25 +0000 UTC
Live-Hack-CVE/CVE-2020-25502
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:19 +0000 UTC Push: 2023-01-21 07:23:21 +0000 UTC
Live-Hack-CVE/CVE-2022-46732
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:09 +0000 UTC Push: 2023-01-21 07:23:11 +0000 UTC
Live-Hack-CVE/CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:05 +0000 UTC Push: 2023-01-21 07:23:08 +0000 UTC