Live-Hack-CVE/CVE-2013-10007 A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. CVE project by @Sn0wAlice Create: 2023-01-03 22:14:17 +0000 UTC Push: 2023-01-03 22:14:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-4871 A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the pa CVE project by @Sn0wAlice Create: 2023-01-03 22:14:11 +0000 UTC Push: 2023-01-03 22:14:14 +0000 UTC |

Live-Hack-CVE/CVE-2012-10003 A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a9 CVE project by @Sn0wAlice Create: 2023-01-03 22:14:07 +0000 UTC Push: 2023-01-03 22:14:10 +0000 UTC |

Live-Hack-CVE/CVE-2015-10012 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information expo CVE project by @Sn0wAlice Create: 2023-01-03 20:03:58 +0000 UTC Push: 2023-01-03 20:04:01 +0000 UTC |

Live-Hack-CVE/CVE-2012-10002 A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0 CVE project by @Sn0wAlice Create: 2023-01-03 20:03:53 +0000 UTC Push: 2023-01-03 20:03:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-3614 In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:55 +0000 UTC Push: 2023-01-03 14:38:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-47908 Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:49 +0000 UTC Push: 2023-01-03 14:38:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-47618 Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:45 +0000 UTC Push: 2023-01-03 14:38:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-47317 Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:41 +0000 UTC Push: 2023-01-03 14:38:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-46360 Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:37 +0000 UTC Push: 2023-01-03 14:38:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-46309 Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:33 +0000 UTC Push: 2023-01-03 14:38:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-46306 ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file pa CVE project by @Sn0wAlice Create: 2023-01-03 14:38:28 +0000 UTC Push: 2023-01-03 14:38:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-46305 ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:24 +0000 UTC Push: 2023-01-03 14:38:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-46304 ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perfor CVE project by @Sn0wAlice Create: 2023-01-03 14:38:20 +0000 UTC Push: 2023-01-03 14:38:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-43448 Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:16 +0000 UTC Push: 2023-01-03 14:38:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-43438 The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:12 +0000 UTC Push: 2023-01-03 14:38:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-43437 The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:08 +0000 UTC Push: 2023-01-03 14:38:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-43436 The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:04 +0000 UTC Push: 2023-01-03 14:38:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-41645 Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:00 +0000 UTC Push: 2023-01-03 14:38:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-40740 Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:56 +0000 UTC Push: 2023-01-03 14:37:58 +0000 UTC |