unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2023-0861
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 b CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:18 +0000 UTC Push: 2023-02-16 19:38:20 +0000 UTC
Live-Hack-CVE/CVE-2023-0862
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 befor CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:15 +0000 UTC Push: 2023-02-16 19:38:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0860
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:11 +0000 UTC Push: 2023-02-16 19:38:14 +0000 UTC
Live-Hack-CVE/CVE-2019-6623
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:18 +0000 UTC Push: 2023-02-16 15:17:21 +0000 UTC
Live-Hack-CVE/CVE-2019-6629
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:15 +0000 UTC Push: 2023-02-16 15:17:17 +0000 UTC
Live-Hack-CVE/CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:11 +0000 UTC Push: 2023-02-16 15:17:13 +0000 UTC
Live-Hack-CVE/CVE-2019-6635
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:08 +0000 UTC Push: 2023-02-16 15:17:10 +0000 UTC
Live-Hack-CVE/CVE-2019-6639
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data p CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:04 +0000 UTC Push: 2023-02-16 15:17:06 +0000 UTC
Live-Hack-CVE/CVE-2019-6633
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:00 +0000 UTC Push: 2023-02-16 15:17:03 +0000 UTC
h4md153v63n/CVE-2022-40348_Intern-Record-System-Cross-site-Scripting-V1.0-Vulnerability-Unauthenticated
CVE-2022-40348: Intern Record System - 'name' and 'email' Cross-site Scripting (Unauthenticated)
Create: 2023-02-16 10:29:33 +0000 UTC Push: 2023-02-16 10:29:34 +0000 UTC
h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated
CVE-2022-40347: Intern Record System - 'phone', 'email', 'deptType' and 'name' SQL Injection (Unauthenticated)
Create: 2023-02-16 10:16:51 +0000 UTC Push: 2023-02-16 10:16:52 +0000 UTC
h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
CVE-2022-40032: Simple Task Managing System - 'login' and 'password' SQL Injection (Unauthenticated)
Create: 2023-02-16 09:42:48 +0000 UTC Push: 2023-02-16 09:42:48 +0000 UTC
h4md153v63n/CVE-2022-40032-Simple-Task-Managing-System---login-and-password-SQL-Injection-Unauthenticated-
CVE-2022-40032: Simple Task Managing System - 'login' and 'password' SQL Injection (Unauthenticated)
Create: 2023-02-16 09:33:09 +0000 UTC Push: 2023-02-16 09:33:09 +0000 UTC
Live-Hack-CVE/CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files CVE project by @Sn0wAlice
Create: 2023-02-16 07:26:06 +0000 UTC Push: 2023-02-16 07:26:08 +0000 UTC
Live-Hack-CVE/CVE-2022-45546
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. CVE project by @Sn0wAlice
Create: 2023-02-16 07:26:02 +0000 UTC Push: 2023-02-16 07:26:05 +0000 UTC
Live-Hack-CVE/CVE-2022-42455
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges CVE project by @Sn0wAlice
Create: 2023-02-16 07:25:59 +0000 UTC Push: 2023-02-16 07:26:01 +0000 UTC
Live-Hack-CVE/CVE-2022-45543
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. CVE project by @Sn0wAlice
Create: 2023-02-16 07:25:55 +0000 UTC Push: 2023-02-16 07:25:57 +0000 UTC
Live-Hack-CVE/CVE-2023-0850
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifi CVE project by @Sn0wAlice
Create: 2023-02-16 07:25:47 +0000 UTC Push: 2023-02-16 07:25:50 +0000 UTC
Live-Hack-CVE/CVE-2023-0849
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifie CVE project by @Sn0wAlice
Create: 2023-02-16 07:25:42 +0000 UTC Push: 2023-02-16 07:25:46 +0000 UTC
Live-Hack-CVE/CVE-2023-0848
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use CVE project by @Sn0wAlice
Create: 2023-02-16 07:25:38 +0000 UTC Push: 2023-02-16 07:25:41 +0000 UTC