Live-Hack-CVE/CVE-2022-48161 Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:44 +0000 UTC Push: 2023-02-01 09:24:47 +0000 UTC |

Halcy0nic/CVE-2022-44318 Proof of concept for CVE-2022-44318 Create: 2023-02-01 09:00:33 +0000 UTC Push: 2023-02-01 09:00:34 +0000 UTC |

Halcy0nic/CVE-2022-43343 Proof of concept for (CVE-2022-43343) Create: 2023-02-01 08:33:57 +0000 UTC Push: 2023-02-01 08:33:57 +0000 UTC |

Halcy0nic/CVE-2022-44311 Proof of concept for CVE-2022-44311 Create: 2023-02-01 07:53:39 +0000 UTC Push: 2023-02-01 07:53:40 +0000 UTC |

Live-Hack-CVE/CVE-2019-4308 IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:32 +0000 UTC Push: 2023-02-01 07:14:35 +0000 UTC |

Live-Hack-CVE/CVE-2019-4473 Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:29 +0000 UTC Push: 2023-02-01 07:14:31 +0000 UTC |

Live-Hack-CVE/CVE-2019-4310 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:25 +0000 UTC Push: 2023-02-01 07:14:27 +0000 UTC |

Live-Hack-CVE/CVE-2019-4298 IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:22 +0000 UTC Push: 2023-02-01 07:14:24 +0000 UTC |

Live-Hack-CVE/CVE-2019-4299 IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:18 +0000 UTC Push: 2023-02-01 07:14:20 +0000 UTC |

Live-Hack-CVE/CVE-2020-16242 The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:15 +0000 UTC Push: 2023-02-01 07:14:17 +0000 UTC |

Live-Hack-CVE/CVE-2020-26137 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:11 +0000 UTC Push: 2023-02-01 07:14:13 +0000 UTC |

Live-Hack-CVE/CVE-2019-4383 When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:08 +0000 UTC Push: 2023-02-01 07:14:10 +0000 UTC |

Halcy0nic/CVE-2022-36752 Proof of concept for CVE-2022-36752 Create: 2023-02-01 07:14:06 +0000 UTC Push: 2023-02-01 07:14:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-26154 url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:04 +0000 UTC Push: 2023-02-01 07:14:06 +0000 UTC |

Live-Hack-CVE/CVE-2020-5387 Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. CVE project by @Sn0wAlice Create: 2023-02-01 07:14:01 +0000 UTC Push: 2023-02-01 07:14:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-26164 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. CVE project by @Sn0wAlice Create: 2023-02-01 07:13:57 +0000 UTC Push: 2023-02-01 07:13:59 +0000 UTC |

Live-Hack-CVE/CVE-2020-26935 An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. CVE project by @Sn0wAlice Create: 2023-02-01 07:13:53 +0000 UTC Push: 2023-02-01 07:13:56 +0000 UTC |

Live-Hack-CVE/CVE-2020-13943 If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - in CVE project by @Sn0wAlice Create: 2023-02-01 07:13:50 +0000 UTC Push: 2023-02-01 07:13:52 +0000 UTC |

Live-Hack-CVE/CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVE project by @Sn0wAlice Create: 2023-02-01 07:13:45 +0000 UTC Push: 2023-02-01 07:13:48 +0000 UTC |

Live-Hack-CVE/CVE-2020-26566 A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. CVE project by @Sn0wAlice Create: 2023-02-01 07:13:42 +0000 UTC Push: 2023-02-01 07:13:44 +0000 UTC |