unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-48323
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershe CVE project by @Sn0wAlice
Create: 2023-02-13 14:48:31 +0000 UTC Push: 2023-02-13 14:48:33 +0000 UTC
Live-Hack-CVE/CVE-2022-48322
NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. CVE project by @Sn0wAlice
Create: 2023-02-13 14:48:28 +0000 UTC Push: 2023-02-13 14:48:30 +0000 UTC
Live-Hack-CVE/CVE-2022-25937
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). CVE project by @Sn0wAlice
Create: 2023-02-13 14:48:25 +0000 UTC Push: 2023-02-13 14:48:27 +0000 UTC
Malwareman007/CVE-2023-21608
Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit
Create: 2023-02-13 14:11:40 +0000 UTC Push: 2023-02-13 14:11:40 +0000 UTC
4ra1n/CVE-2023-21839
Weblogic CVE-2023-21839 RCE (no Java dependency required; constructs the protocol and achieves one-click RCE over a socket)
Create: 2023-02-13 11:42:27 +0000 UTC Push: 2023-02-24 21:29:38 +0000 UTC
Live-Hack-CVE/CVE-2015-5233
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via dir CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:39 +0000 UTC Push: 2023-02-13 10:27:41 +0000 UTC
Live-Hack-CVE/CVE-2015-5305
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:35 +0000 UTC Push: 2023-02-13 10:27:37 +0000 UTC
Live-Hack-CVE/CVE-2015-5329
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:32 +0000 UTC Push: 2023-02-13 10:27:34 +0000 UTC
Live-Hack-CVE/CVE-2015-5295
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/ze CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:29 +0000 UTC Push: 2023-02-13 10:27:31 +0000 UTC
Live-Hack-CVE/CVE-2015-5313
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:26 +0000 UTC Push: 2023-02-13 10:27:27 +0000 UTC
Live-Hack-CVE/CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos a CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:22 +0000 UTC Push: 2023-02-13 10:27:24 +0000 UTC
Live-Hack-CVE/CVE-2015-5302
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) an CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:19 +0000 UTC Push: 2023-02-13 10:27:21 +0000 UTC
Live-Hack-CVE/CVE-2015-7502
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:16 +0000 UTC Push: 2023-02-13 10:27:17 +0000 UTC
Live-Hack-CVE/CVE-2015-7500
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:12 +0000 UTC Push: 2023-02-13 10:27:14 +0000 UTC
Live-Hack-CVE/CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:09 +0000 UTC Push: 2023-02-13 10:27:11 +0000 UTC
Live-Hack-CVE/CVE-2015-7504
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:05 +0000 UTC Push: 2023-02-13 10:27:07 +0000 UTC
Live-Hack-CVE/CVE-2015-7512
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. CVE project by @Sn0wAlice
Create: 2023-02-13 10:27:02 +0000 UTC Push: 2023-02-13 10:27:04 +0000 UTC
Live-Hack-CVE/CVE-2015-7544
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. CVE project by @Sn0wAlice
Create: 2023-02-13 10:26:59 +0000 UTC Push: 2023-02-13 10:27:01 +0000 UTC
Live-Hack-CVE/CVE-2015-7549
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. CVE project by @Sn0wAlice
Create: 2023-02-13 10:26:55 +0000 UTC Push: 2023-02-13 10:26:57 +0000 UTC
Live-Hack-CVE/CVE-2015-7529
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. CVE project by @Sn0wAlice
Create: 2023-02-13 10:26:52 +0000 UTC Push: 2023-02-13 10:26:54 +0000 UTC