Live-Hack-CVE/CVE-2022-29843 A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. CVE project by @Sn0wAlice Create: 2023-02-02 02:03:05 +0000 UTC Push: 2023-02-02 02:03:08 +0000 UTC |

Live-Hack-CVE/CVE-2019-14301 Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). CVE project by @Sn0wAlice Create: 2023-02-02 02:03:02 +0000 UTC Push: 2023-02-02 02:03:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-29844 A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker. CVE project by @Sn0wAlice Create: 2023-02-02 02:02:58 +0000 UTC Push: 2023-02-02 02:03:00 +0000 UTC |

Live-Hack-CVE/CVE-2020-22452 SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. CVE project by @Sn0wAlice Create: 2023-02-02 02:02:54 +0000 UTC Push: 2023-02-02 02:02:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-31704 The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. CVE project by @Sn0wAlice Create: 2023-02-02 02:02:50 +0000 UTC Push: 2023-02-02 02:02:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-31706 The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. CVE project by @Sn0wAlice Create: 2023-02-02 02:02:46 +0000 UTC Push: 2023-02-02 02:02:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-31710 vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. CVE project by @Sn0wAlice Create: 2023-02-02 02:02:42 +0000 UTC Push: 2023-02-02 02:02:45 +0000 UTC |

paulotrindadec/CVE-2019-9193 Create: 2023-02-02 00:41:15 +0000 UTC Push: 2023-02-02 00:41:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-22574 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. CVE project by @Sn0wAlice Create: 2023-02-01 23:52:15 +0000 UTC Push: 2023-02-01 23:52:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-22573 Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. CVE project by @Sn0wAlice Create: 2023-02-01 23:52:11 +0000 UTC Push: 2023-02-01 23:52:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-0613 A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation of the argument device_web_ip leads to memory corruption. The attack can be launched remotely. CVE project by @Sn0wAlice Create: 2023-02-01 23:52:07 +0000 UTC Push: 2023-02-01 23:52:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-0612 A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation of the argument device_web_ip leads to buffer overflow. It is possible to launch the attack remotely. The exploit has bee CVE project by @Sn0wAlice Create: 2023-02-01 23:52:03 +0000 UTC Push: 2023-02-01 23:52:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0611 A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclose CVE project by @Sn0wAlice Create: 2023-02-01 23:51:59 +0000 UTC Push: 2023-02-01 23:52:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-47717 Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). CVE project by @Sn0wAlice Create: 2023-02-01 23:51:56 +0000 UTC Push: 2023-02-01 23:51:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-47715 In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. CVE project by @Sn0wAlice Create: 2023-02-01 23:51:52 +0000 UTC Push: 2023-02-01 23:51:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-47714 Last Yard 22.09.8-1 does not enforce HSTS headers CVE project by @Sn0wAlice Create: 2023-02-01 23:51:48 +0000 UTC Push: 2023-02-01 23:51:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-47003 A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. CVE project by @Sn0wAlice Create: 2023-02-01 23:51:44 +0000 UTC Push: 2023-02-01 23:51:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-47002 A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. CVE project by @Sn0wAlice Create: 2023-02-01 23:51:40 +0000 UTC Push: 2023-02-01 23:51:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-41151 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data CVE project by @Sn0wAlice Create: 2023-02-01 23:51:37 +0000 UTC Push: 2023-02-01 23:51:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-42378 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data CVE project by @Sn0wAlice Create: 2023-02-01 23:51:30 +0000 UTC Push: 2023-02-01 23:51:32 +0000 UTC |