Live-Hack-CVE/CVE-2023-24202 Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:33 +0000 UTC Push: 2023-02-07 01:31:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-24201 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:29 +0000 UTC Push: 2023-02-07 01:31:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-24200 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:26 +0000 UTC Push: 2023-02-07 01:31:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-24199 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:22 +0000 UTC Push: 2023-02-07 01:31:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-24198 Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:18 +0000 UTC Push: 2023-02-07 01:31:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-24197 Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:15 +0000 UTC Push: 2023-02-07 01:31:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-24195 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:11 +0000 UTC Push: 2023-02-07 01:31:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-24194 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:08 +0000 UTC Push: 2023-02-07 01:31:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-24192 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:04 +0000 UTC Push: 2023-02-07 01:31:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24191 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. CVE project by @Sn0wAlice Create: 2023-02-07 01:31:00 +0000 UTC Push: 2023-02-07 01:31:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-48019 The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload. CVE project by @Sn0wAlice Create: 2023-02-07 01:30:57 +0000 UTC Push: 2023-02-07 01:30:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-0451 All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usern CVE project by @Sn0wAlice Create: 2023-02-07 01:30:53 +0000 UTC Push: 2023-02-07 01:30:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-48078 pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. CVE project by @Sn0wAlice Create: 2023-02-07 01:30:48 +0000 UTC Push: 2023-02-07 01:30:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-47040 An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. CVE project by @Sn0wAlice Create: 2023-02-07 01:30:45 +0000 UTC Push: 2023-02-07 01:30:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-43997 Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights. CVE project by @Sn0wAlice Create: 2023-02-07 01:30:41 +0000 UTC Push: 2023-02-07 01:30:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-42330 Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact. CVE project by @Sn0wAlice Create: 2023-02-07 01:30:37 +0000 UTC Push: 2023-02-07 01:30:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-3924 This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting CVE project by @Sn0wAlice Create: 2023-02-07 01:30:33 +0000 UTC Push: 2023-02-07 01:30:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-20020 A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input va CVE project by @Sn0wAlice Create: 2023-02-07 01:30:29 +0000 UTC Push: 2023-02-07 01:30:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-20019 A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of a CVE project by @Sn0wAlice Create: 2023-02-07 01:30:26 +0000 UTC Push: 2023-02-07 01:30:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0321 Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow CVE project by @Sn0wAlice Create: 2023-02-07 01:30:22 +0000 UTC Push: 2023-02-07 01:30:24 +0000 UTC |