Live-Hack-CVE/CVE-2019-3691 A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versio CVE project by @Sn0wAlice Create: 2023-02-01 06:07:34 +0000 UTC Push: 2023-02-01 06:07:37 +0000 UTC |

Live-Hack-CVE/CVE-2019-19547 Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access contr CVE project by @Sn0wAlice Create: 2023-02-01 06:07:30 +0000 UTC Push: 2023-02-01 06:07:33 +0000 UTC |

Live-Hack-CVE/CVE-2019-20361 There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). CVE project by @Sn0wAlice Create: 2023-02-01 06:07:27 +0000 UTC Push: 2023-02-01 06:07:29 +0000 UTC |

Live-Hack-CVE/CVE-2019-17190 A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cl CVE project by @Sn0wAlice Create: 2023-02-01 06:07:22 +0000 UTC Push: 2023-02-01 06:07:25 +0000 UTC |

Live-Hack-CVE/CVE-2020-1767 Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior ver CVE project by @Sn0wAlice Create: 2023-02-01 06:07:18 +0000 UTC Push: 2023-02-01 06:07:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-18859 Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. CVE project by @Sn0wAlice Create: 2023-02-01 06:07:15 +0000 UTC Push: 2023-02-01 06:07:17 +0000 UTC |

Live-Hack-CVE/CVE-2020-7108 The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. CVE project by @Sn0wAlice Create: 2023-02-01 06:07:11 +0000 UTC Push: 2023-02-01 06:07:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-7105 async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. CVE project by @Sn0wAlice Create: 2023-02-01 06:07:07 +0000 UTC Push: 2023-02-01 06:07:10 +0000 UTC |

Halcy0nic/CVE-2022-36234 Create: 2023-02-01 04:59:35 +0000 UTC Push: 2023-02-01 04:59:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-45172 An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorizati CVE project by @Sn0wAlice Create: 2023-02-01 03:58:26 +0000 UTC Push: 2023-02-01 03:58:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-47854 i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. CVE project by @Sn0wAlice Create: 2023-02-01 03:58:22 +0000 UTC Push: 2023-02-01 03:58:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-47701 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice Create: 2023-02-01 03:58:19 +0000 UTC Push: 2023-02-01 03:58:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-47700 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. CVE project by @Sn0wAlice Create: 2023-02-01 03:58:15 +0000 UTC Push: 2023-02-01 03:58:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-47699 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. CVE project by @Sn0wAlice Create: 2023-02-01 03:58:12 +0000 UTC Push: 2023-02-01 03:58:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-47698 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router. CVE project by @Sn0wAlice Create: 2023-02-01 03:58:08 +0000 UTC Push: 2023-02-01 03:58:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-47697 COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. CVE project by @Sn0wAlice Create: 2023-02-01 03:58:04 +0000 UTC Push: 2023-02-01 03:58:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-22610 A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert CVE project by @Sn0wAlice Create: 2023-02-01 03:58:01 +0000 UTC Push: 2023-02-01 03:58:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-0316 The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill doe CVE project by @Sn0wAlice Create: 2023-02-01 03:57:57 +0000 UTC Push: 2023-02-01 03:57:59 +0000 UTC |

Live-Hack-CVE/CVE-2016-4279 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE project by @Sn0wAlice Create: 2023-02-01 03:57:53 +0000 UTC Push: 2023-02-01 03:57:56 +0000 UTC |

Live-Hack-CVE/CVE-2016-6929 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE project by @Sn0wAlice Create: 2023-02-01 03:57:49 +0000 UTC Push: 2023-02-01 03:57:52 +0000 UTC |