unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-4877
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this is CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:56 +0000 UTC Push: 2023-01-05 19:31:58 +0000 UTC |
Live-Hack-CVE/CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:52 +0000 UTC Push: 2023-01-05 19:31:55 +0000 UTC |
Live-Hack-CVE/CVE-2021-4304
A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:47 +0000 UTC Push: 2023-01-05 19:31:50 +0000 UTC |
Live-Hack-CVE/CVE-2020-36640
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgra CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:43 +0000 UTC Push: 2023-01-05 19:31:46 +0000 UTC |
Live-Hack-CVE/CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:39 +0000 UTC Push: 2023-01-05 19:31:41 +0000 UTC |
Live-Hack-CVE/CVE-2015-10013
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1. CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:34 +0000 UTC Push: 2023-01-05 19:31:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-45434
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the des CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:58 +0000 UTC Push: 2023-01-05 15:13:00 +0000 UTC |
Live-Hack-CVE/CVE-2022-45425
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:53 +0000 UTC Push: 2023-01-05 15:12:56 +0000 UTC |
Live-Hack-CVE/CVE-2022-45430
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:49 +0000 UTC Push: 2023-01-05 15:12:52 +0000 UTC |
Live-Hack-CVE/CVE-2022-45432
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:45 +0000 UTC Push: 2023-01-05 15:12:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-45431
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:41 +0000 UTC Push: 2023-01-05 15:12:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-45427
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:37 +0000 UTC Push: 2023-01-05 15:12:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:33 +0000 UTC Push: 2023-01-05 15:12:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-45424
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:29 +0000 UTC Push: 2023-01-05 15:12:30 +0000 UTC |
Live-Hack-CVE/CVE-2022-45433
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:24 +0000 UTC Push: 2023-01-05 15:12:27 +0000 UTC |
Live-Hack-CVE/CVE-2022-45429
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:20 +0000 UTC Push: 2023-01-05 15:12:23 +0000 UTC |
Live-Hack-CVE/CVE-2022-2583
A race condition can cause incorrect HTTP request routing. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:15 +0000 UTC Push: 2023-01-05 15:12:18 +0000 UTC |
Live-Hack-CVE/CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:11 +0000 UTC Push: 2023-01-05 15:12:14 +0000 UTC |
Live-Hack-CVE/CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:07 +0000 UTC Push: 2023-01-05 15:12:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5 CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:02 +0000 UTC Push: 2023-01-05 15:12:05 +0000 UTC |
Previous
548
549
550
551
552
553
554
555
Next