Live-Hack-CVE/CVE-2018-3934 An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:22:12 +0000 UTC Push: 2023-02-02 14:22:14 +0000 UTC |

Live-Hack-CVE/CVE-2018-3935 An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:22:09 +0000 UTC Push: 2023-02-02 14:22:11 +0000 UTC |

Live-Hack-CVE/CVE-2018-3928 An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:22:05 +0000 UTC Push: 2023-02-02 14:22:07 +0000 UTC |

Live-Hack-CVE/CVE-2018-3920 An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:22:02 +0000 UTC Push: 2023-02-02 14:22:04 +0000 UTC |

Live-Hack-CVE/CVE-2018-3910 An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker c CVE project by @Sn0wAlice Create: 2023-02-02 14:21:58 +0000 UTC Push: 2023-02-02 14:22:01 +0000 UTC |

Live-Hack-CVE/CVE-2018-3900 An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be con CVE project by @Sn0wAlice Create: 2023-02-02 14:21:55 +0000 UTC Push: 2023-02-02 14:21:57 +0000 UTC |

Live-Hack-CVE/CVE-2018-3892 An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:51 +0000 UTC Push: 2023-02-02 14:21:53 +0000 UTC |

Live-Hack-CVE/CVE-2018-3899 An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return addre CVE project by @Sn0wAlice Create: 2023-02-02 14:21:48 +0000 UTC Push: 2023-02-02 14:21:50 +0000 UTC |

Live-Hack-CVE/CVE-2018-3898 An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return addre CVE project by @Sn0wAlice Create: 2023-02-02 14:21:44 +0000 UTC Push: 2023-02-02 14:21:47 +0000 UTC |

Live-Hack-CVE/CVE-2018-3891 An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:41 +0000 UTC Push: 2023-02-02 14:21:43 +0000 UTC |

Live-Hack-CVE/CVE-2018-3888 A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code executio CVE project by @Sn0wAlice Create: 2023-02-02 14:21:37 +0000 UTC Push: 2023-02-02 14:21:39 +0000 UTC |

Live-Hack-CVE/CVE-2018-3887 A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code executio CVE project by @Sn0wAlice Create: 2023-02-02 14:21:22 +0000 UTC Push: 2023-02-02 14:21:23 +0000 UTC |

Live-Hack-CVE/CVE-2018-3981 An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:18 +0000 UTC Push: 2023-02-02 14:21:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-19746 make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:15 +0000 UTC Push: 2023-02-02 14:21:17 +0000 UTC |

Live-Hack-CVE/CVE-2019-7004 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:11 +0000 UTC Push: 2023-02-02 14:21:13 +0000 UTC |

Live-Hack-CVE/CVE-2019-19649 Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:08 +0000 UTC Push: 2023-02-02 14:21:10 +0000 UTC |

Live-Hack-CVE/CVE-2018-1386 IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:04 +0000 UTC Push: 2023-02-02 14:21:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-19722 In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. CVE project by @Sn0wAlice Create: 2023-02-02 14:21:01 +0000 UTC Push: 2023-02-02 14:21:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-25015 Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. CVE project by @Sn0wAlice Create: 2023-02-02 14:20:56 +0000 UTC Push: 2023-02-02 14:20:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0599 Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using CVE project by @Sn0wAlice Create: 2023-02-02 09:50:12 +0000 UTC Push: 2023-02-02 09:50:15 +0000 UTC |