unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2023-24494
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:10 +0000 UTC Push: 2023-02-03 02:23:12 +0000 UTC
Live-Hack-CVE/CVE-2023-24493
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:06 +0000 UTC Push: 2023-02-03 02:23:09 +0000 UTC
Live-Hack-CVE/CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:03 +0000 UTC Push: 2023-02-03 02:23:05 +0000 UTC
Live-Hack-CVE/CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:59 +0000 UTC Push: 2023-02-03 02:23:01 +0000 UTC
Live-Hack-CVE/CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:55 +0000 UTC Push: 2023-02-03 02:22:58 +0000 UTC
Live-Hack-CVE/CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:51 +0000 UTC Push: 2023-02-03 02:22:54 +0000 UTC
Live-Hack-CVE/CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:47 +0000 UTC Push: 2023-02-03 02:22:50 +0000 UTC
Live-Hack-CVE/CVE-2023-24454
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:43 +0000 UTC Push: 2023-02-03 02:22:46 +0000 UTC
Live-Hack-CVE/CVE-2023-24453
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:39 +0000 UTC Push: 2023-02-03 02:22:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24452
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:36 +0000 UTC Push: 2023-02-03 02:22:38 +0000 UTC
Live-Hack-CVE/CVE-2022-39193
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:31 +0000 UTC Push: 2023-02-03 02:22:33 +0000 UTC
Live-Hack-CVE/CVE-2019-10186
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:26 +0000 UTC Push: 2023-02-03 02:22:29 +0000 UTC
Live-Hack-CVE/CVE-2022-0286
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:22 +0000 UTC Push: 2023-02-03 02:22:25 +0000 UTC
miko550/CVE-2022-46169
Create: 2023-02-03 02:21:08 +0000 UTC Push: 2023-02-03 02:21:09 +0000 UTC
Live-Hack-CVE/CVE-2011-2920
CVE-2011-2920 Satellite: XSS flaw(s) in filter handling CVE project by @Sn0wAlice
Create: 2023-02-03 00:11:02 +0000 UTC Push: 2023-02-03 00:11:05 +0000 UTC
Live-Hack-CVE/CVE-2012-2386
CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:59 +0000 UTC Push: 2023-02-03 00:11:01 +0000 UTC
Live-Hack-CVE/CVE-2011-2487
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:55 +0000 UTC Push: 2023-02-03 00:10:57 +0000 UTC
Live-Hack-CVE/CVE-2011-2927
CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:51 +0000 UTC Push: 2023-02-03 00:10:54 +0000 UTC
Live-Hack-CVE/CVE-2018-1111
A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:47 +0000 UTC Push: 2023-02-03 00:10:50 +0000 UTC
Live-Hack-CVE/CVE-2011-4127
CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:43 +0000 UTC Push: 2023-02-03 00:10:46 +0000 UTC