unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-3994
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations. CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:54 +0000 UTC Push: 2023-01-03 08:05:56 +0000 UTC |
Live-Hack-CVE/CVE-2022-3936
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:50 +0000 UTC Push: 2023-01-03 08:05:52 +0000 UTC |
Live-Hack-CVE/CVE-2022-3911
The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscribe CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:45 +0000 UTC Push: 2023-01-03 08:05:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-3860
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:42 +0000 UTC Push: 2023-01-03 08:05:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-3241
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:38 +0000 UTC Push: 2023-01-03 08:05:41 +0000 UTC |
Live-Hack-CVE/CVE-2015-10011
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to CVE project by @Sn0wAlice
Create: 2023-01-03 08:05:34 +0000 UTC Push: 2023-01-03 08:05:36 +0000 UTC |
Live-Hack-CVE/CVE-2016-15007
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of CVE project by @Sn0wAlice
Create: 2023-01-03 05:55:23 +0000 UTC Push: 2023-01-03 05:55:25 +0000 UTC |
Live-Hack-CVE/CVE-2014-125036
A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the pat CVE project by @Sn0wAlice
Create: 2023-01-03 05:55:19 +0000 UTC Push: 2023-01-03 05:55:22 +0000 UTC |
Live-Hack-CVE/CVE-2023-22452
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured. Thus anyone who has acc CVE project by @Sn0wAlice
Create: 2023-01-03 05:55:15 +0000 UTC Push: 2023-01-03 05:55:17 +0000 UTC |
Live-Hack-CVE/CVE-2021-35576
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise O CVE project by @Sn0wAlice
Create: 2023-01-03 03:45:07 +0000 UTC Push: 2023-01-03 03:45:10 +0000 UTC |
Live-Hack-CVE/CVE-2014-125038
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply CVE project by @Sn0wAlice
Create: 2023-01-03 03:45:02 +0000 UTC Push: 2023-01-03 03:45:05 +0000 UTC |
Live-Hack-CVE/CVE-2014-125037
A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issu CVE project by @Sn0wAlice
Create: 2023-01-03 03:44:58 +0000 UTC Push: 2023-01-03 03:45:01 +0000 UTC |
Inplex-sys/CVE-2022-46169
Cacti Unauthenticated Command Injection
Create: 2023-01-03 02:03:26 +0000 UTC Push: 2023-01-03 02:03:26 +0000 UTC |
Live-Hack-CVE/CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` config CVE project by @Sn0wAlice
Create: 2023-01-03 01:34:51 +0000 UTC Push: 2023-01-03 01:34:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-48197
** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintaine CVE project by @Sn0wAlice
Create: 2023-01-03 01:34:47 +0000 UTC Push: 2023-01-03 01:34:50 +0000 UTC |
Live-Hack-CVE/CVE-2017-20161
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The name of the patch is 57f1dd50a4821b8c8e CVE project by @Sn0wAlice
Create: 2023-01-03 01:34:43 +0000 UTC Push: 2023-01-03 01:34:46 +0000 UTC |
Live-Hack-CVE/CVE-2015-10009
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to t CVE project by @Sn0wAlice
Create: 2023-01-03 01:34:39 +0000 UTC Push: 2023-01-03 01:34:41 +0000 UTC |
Live-Hack-CVE/CVE-2014-125035
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fi CVE project by @Sn0wAlice
Create: 2023-01-03 01:34:35 +0000 UTC Push: 2023-01-03 01:34:37 +0000 UTC |
batuhan-dilek99/CVE-2019-5736
images for proof of concept
Create: 2023-01-03 00:41:46 +0000 UTC Push: 2023-01-03 00:41:47 +0000 UTC |
Live-Hack-CVE/CVE-2019-25093
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site script CVE project by @Sn0wAlice
Create: 2023-01-02 21:14:07 +0000 UTC Push: 2023-01-02 21:14:11 +0000 UTC |
Previous
558
559
560
561
562
563
564
565
Next