unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-24139
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:30:17 +0000 UTC Push: 2023-02-11 00:30:19 +0000 UTC |
Live-Hack-CVE/CVE-2023-24140
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:30:13 +0000 UTC Push: 2023-02-11 00:30:16 +0000 UTC |
Live-Hack-CVE/CVE-2023-24141
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:30:08 +0000 UTC Push: 2023-02-11 00:30:11 +0000 UTC |
Live-Hack-CVE/CVE-2023-24142
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:30:04 +0000 UTC Push: 2023-02-11 00:30:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-24144
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:30:00 +0000 UTC Push: 2023-02-11 00:30:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-24143
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. CVE project by @Sn0wAlice
Create: 2023-02-11 00:29:56 +0000 UTC Push: 2023-02-11 00:29:58 +0000 UTC |
dhina016/CVE-2022-47986
Create: 2023-02-10 21:16:42 +0000 UTC Push: 2023-02-10 21:17:09 +0000 UTC |
0xf4n9x/CVE-2023-0669
CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Create: 2023-02-10 21:02:55 +0000 UTC Push: 2023-02-11 15:18:39 +0000 UTC |
PyterSmithDarkGhost/CVE-2023-24055-PoC-KeePass-2.5x-
Create: 2023-02-10 20:04:29 +0000 UTC Push: 2023-02-10 20:04:29 +0000 UTC |
DickDock/CVE-2022-46166
CVE-2022-46166 靶场环境
Create: 2023-02-10 16:29:24 +0000 UTC Push: 2023-02-10 16:29:30 +0000 UTC |
houquanen/POC_CVE-2018-19518
Create: 2023-02-10 15:47:54 +0000 UTC Push: 2023-02-10 15:47:55 +0000 UTC |
UNICORDev/exploit-CVE-2022-25765
Exploit for CVE-2022–25765 (pdfkit) - Command Injection
Create: 2023-02-10 08:50:35 +0000 UTC Push: 2023-02-24 10:29:15 +0000 UTC |
Live-Hack-CVE/CVE-2023-24689
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:40 +0000 UTC Push: 2023-02-10 05:53:43 +0000 UTC |
Live-Hack-CVE/CVE-2023-24688
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:36 +0000 UTC Push: 2023-02-10 05:53:39 +0000 UTC |
Live-Hack-CVE/CVE-2023-24687
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:32 +0000 UTC Push: 2023-02-10 05:53:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-24323
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:28 +0000 UTC Push: 2023-02-10 05:53:31 +0000 UTC |
Live-Hack-CVE/CVE-2023-24322
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:25 +0000 UTC Push: 2023-02-10 05:53:27 +0000 UTC |
Live-Hack-CVE/CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:22 +0000 UTC Push: 2023-02-10 05:53:24 +0000 UTC |
Live-Hack-CVE/CVE-2023-22799
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:18 +0000 UTC Push: 2023-02-10 05:53:20 +0000 UTC |
Live-Hack-CVE/CVE-2023-22798
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect inter CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:14 +0000 UTC Push: 2023-02-10 05:53:16 +0000 UTC |
Previous
390
391
392
393
394
395
396
397
Next