unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:43 +0000 UTC Push: 2023-01-21 06:17:46 +0000 UTC |
Live-Hack-CVE/CVE-2020-15860
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:39 +0000 UTC Push: 2023-01-21 06:17:42 +0000 UTC |
Live-Hack-CVE/CVE-2019-20204
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:36 +0000 UTC Push: 2023-01-21 06:17:38 +0000 UTC |
Live-Hack-CVE/CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:32 +0000 UTC Push: 2023-01-21 06:17:34 +0000 UTC |
Live-Hack-CVE/CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:28 +0000 UTC Push: 2023-01-21 06:17:30 +0000 UTC |
Live-Hack-CVE/CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:24 +0000 UTC Push: 2023-01-21 06:17:26 +0000 UTC |
Live-Hack-CVE/CVE-2019-20208
dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:19 +0000 UTC Push: 2023-01-21 06:17:22 +0000 UTC |
Live-Hack-CVE/CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guara CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:38 +0000 UTC Push: 2023-01-21 04:04:40 +0000 UTC |
Live-Hack-CVE/CVE-2020-1106
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:33 +0000 UTC Push: 2023-01-21 04:04:36 +0000 UTC |
Live-Hack-CVE/CVE-2023-23489
The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:29 +0000 UTC Push: 2023-01-21 04:04:32 +0000 UTC |
Live-Hack-CVE/CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:25 +0000 UTC Push: 2023-01-21 04:04:27 +0000 UTC |
Live-Hack-CVE/CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:21 +0000 UTC Push: 2023-01-21 04:04:24 +0000 UTC |
Live-Hack-CVE/CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:17 +0000 UTC Push: 2023-01-21 04:04:20 +0000 UTC |
Live-Hack-CVE/CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:13 +0000 UTC Push: 2023-01-21 04:04:16 +0000 UTC |
Live-Hack-CVE/CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:09 +0000 UTC Push: 2023-01-21 04:04:11 +0000 UTC |
Live-Hack-CVE/CVE-2020-12872
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:05 +0000 UTC Push: 2023-01-21 04:04:07 +0000 UTC |
Live-Hack-CVE/CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be ab CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:00 +0000 UTC Push: 2023-01-21 04:04:02 +0000 UTC |
Live-Hack-CVE/CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:56 +0000 UTC Push: 2023-01-21 04:03:58 +0000 UTC |
Live-Hack-CVE/CVE-2020-12059
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:51 +0000 UTC Push: 2023-01-21 04:03:54 +0000 UTC |
Live-Hack-CVE/CVE-2021-46795
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:46 +0000 UTC Push: 2023-01-21 04:03:49 +0000 UTC |
Previous
476
477
478
479
480
481
482
483
Next