unSafe.sh - Insecure
Live-Hack-CVE/CVE-2019-4162
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:06 +0000 UTC Push: 2023-02-04 06:06:09 +0000 UTC
Live-Hack-CVE/CVE-2019-4257
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:03 +0000 UTC Push: 2023-02-04 06:06:05 +0000 UTC
Live-Hack-CVE/CVE-2019-4173
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory an CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:59 +0000 UTC Push: 2023-02-04 06:06:01 +0000 UTC
Live-Hack-CVE/CVE-2019-3612
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:55 +0000 UTC Push: 2023-02-04 06:05:58 +0000 UTC
Live-Hack-CVE/CVE-2019-4166
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be truste CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:51 +0000 UTC Push: 2023-02-04 06:05:54 +0000 UTC
Live-Hack-CVE/CVE-2020-10963
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:47 +0000 UTC Push: 2023-02-04 06:05:50 +0000 UTC
Live-Hack-CVE/CVE-2019-13748
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:40 +0000 UTC Push: 2023-02-04 06:05:43 +0000 UTC
Live-Hack-CVE/CVE-2019-13746
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:35 +0000 UTC Push: 2023-02-04 06:05:38 +0000 UTC
Live-Hack-CVE/CVE-2019-13744
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 06:05:32 +0000 UTC Push: 2023-02-04 06:05:34 +0000 UTC
es0j/CVE-2023-0045
Create: 2023-02-04 05:51:04 +0000 UTC Push: 2023-02-04 06:22:52 +0000 UTC
Live-Hack-CVE/CVE-2019-6643
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:36 +0000 UTC Push: 2023-02-04 03:54:39 +0000 UTC
Live-Hack-CVE/CVE-2019-6648
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:33 +0000 UTC Push: 2023-02-04 03:54:35 +0000 UTC
Live-Hack-CVE/CVE-2018-3835
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:29 +0000 UTC Push: 2023-02-04 03:54:31 +0000 UTC
Live-Hack-CVE/CVE-2018-3834
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:25 +0000 UTC Push: 2023-02-04 03:54:28 +0000 UTC
Live-Hack-CVE/CVE-2019-4070
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:17 +0000 UTC Push: 2023-02-04 03:54:20 +0000 UTC
Live-Hack-CVE/CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to thi CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:14 +0000 UTC Push: 2023-02-04 03:54:16 +0000 UTC
Live-Hack-CVE/CVE-2019-4103
IBM Tivoli Netcool/Impact 7.1.0 allows remote execution of commands by a low-privileged user. Remote code execution allows arbitrary code to be executed on the system, which can lead to taking control of the system. IBM X-Force ID: 158094. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:10 +0000 UTC Push: 2023-02-04 03:54:13 +0000 UTC
Live-Hack-CVE/CVE-2018-3861
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:07 +0000 UTC Push: 2023-02-04 03:54:09 +0000 UTC
Live-Hack-CVE/CVE-2020-26664
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:03 +0000 UTC Push: 2023-02-04 03:54:05 +0000 UTC
Live-Hack-CVE/CVE-2019-4062
IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. CVE project by @Sn0wAlice
Create: 2023-02-04 03:54:00 +0000 UTC Push: 2023-02-04 03:54:02 +0000 UTC