unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2019-12746
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially a CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:50 +0000 UTC Push: 2023-01-21 01:54:53 +0000 UTC |
Live-Hack-CVE/CVE-2019-13458
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passw CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:46 +0000 UTC Push: 2023-01-21 01:54:49 +0000 UTC |
Live-Hack-CVE/CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:41 +0000 UTC Push: 2023-01-21 01:54:44 +0000 UTC |
Live-Hack-CVE/CVE-2019-13361
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:37 +0000 UTC Push: 2023-01-21 01:54:40 +0000 UTC |
Live-Hack-CVE/CVE-2019-15715
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:33 +0000 UTC Push: 2023-01-21 01:54:36 +0000 UTC |
Live-Hack-CVE/CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:28 +0000 UTC Push: 2023-01-21 01:54:31 +0000 UTC |
Live-Hack-CVE/CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:24 +0000 UTC Push: 2023-01-21 01:54:27 +0000 UTC |
Live-Hack-CVE/CVE-2019-12416
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:20 +0000 UTC Push: 2023-01-21 01:54:23 +0000 UTC |
grimlockx/CVE-2019-9978-2
Create: 2023-01-21 00:29:18 +0000 UTC Push: 2023-01-21 00:29:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-20967
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application CVE project by @Sn0wAlice
Create: 2023-01-20 23:43:08 +0000 UTC Push: 2023-01-20 23:43:11 +0000 UTC |
Live-Hack-CVE/CVE-2017-16332
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:59 +0000 UTC Push: 2023-01-20 23:43:02 +0000 UTC |
Live-Hack-CVE/CVE-2017-16334
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:51 +0000 UTC Push: 2023-01-20 23:42:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-0742
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:46 +0000 UTC Push: 2023-01-20 23:42:49 +0000 UTC |
Live-Hack-CVE/CVE-2012-6689
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:41 +0000 UTC Push: 2023-01-20 23:42:44 +0000 UTC |
Live-Hack-CVE/CVE-2019-18813
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:38 +0000 UTC Push: 2023-01-20 23:42:40 +0000 UTC |
Live-Hack-CVE/CVE-2017-16335
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:34 +0000 UTC Push: 2023-01-20 23:42:36 +0000 UTC |
Live-Hack-CVE/CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:23 +0000 UTC Push: 2023-01-20 23:42:26 +0000 UTC |
Live-Hack-CVE/CVE-2021-37500
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. CVE project by @Sn0wAlice
Create: 2023-01-20 21:31:06 +0000 UTC Push: 2023-01-20 21:31:09 +0000 UTC |
Live-Hack-CVE/CVE-2021-37499
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. CVE project by @Sn0wAlice
Create: 2023-01-20 21:31:02 +0000 UTC Push: 2023-01-20 21:31:04 +0000 UTC |
Live-Hack-CVE/CVE-2021-37498
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. CVE project by @Sn0wAlice
Create: 2023-01-20 21:30:58 +0000 UTC Push: 2023-01-20 21:31:00 +0000 UTC |
Previous
478
479
480
481
482
483
484
485
Next