unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2019-2587
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vul CVE project by @Sn0wAlice
Create: 2023-01-31 23:32:59 +0000 UTC Push: 2023-01-31 23:33:02 +0000 UTC
antunesmpedro/CVE-2018-6574
CVE-2018-6574 go get
Create: 2023-01-31 23:01:45 +0000 UTC Push: 2023-01-31 23:01:46 +0000 UTC
Live-Hack-CVE/CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Version V2020 & prior), Modico CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:56 +0000 UTC Push: 2023-01-31 20:16:58 +0000 UTC
Live-Hack-CVE/CVE-2023-22900
Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:52 +0000 UTC Push: 2023-01-31 20:16:54 +0000 UTC
Live-Hack-CVE/CVE-2022-39061
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:49 +0000 UTC Push: 2023-01-31 20:16:51 +0000 UTC
Live-Hack-CVE/CVE-2022-39060
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate th CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:45 +0000 UTC Push: 2023-01-31 20:16:47 +0000 UTC
Live-Hack-CVE/CVE-2022-39059
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:41 +0000 UTC Push: 2023-01-31 20:16:44 +0000 UTC
Live-Hack-CVE/CVE-2022-44645
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url shou CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:36 +0000 UTC Push: 2023-01-31 20:16:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24829
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbenc CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:33 +0000 UTC Push: 2023-01-31 20:16:35 +0000 UTC
Live-Hack-CVE/CVE-2023-0593
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:29 +0000 UTC Push: 2023-01-31 20:16:31 +0000 UTC
Live-Hack-CVE/CVE-2023-0592
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:26 +0000 UTC Push: 2023-01-31 20:16:28 +0000 UTC
Live-Hack-CVE/CVE-2023-0591
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is consider CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:22 +0000 UTC Push: 2023-01-31 20:16:24 +0000 UTC
Live-Hack-CVE/CVE-2022-44644
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 w CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:18 +0000 UTC Push: 2023-01-31 20:16:21 +0000 UTC
mistymntncop/CVE-2022-26485
Create: 2023-01-31 17:01:17 +0000 UTC Push: 2023-01-31 17:10:21 +0000 UTC
Live-Hack-CVE/CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:31 +0000 UTC Push: 2023-01-31 14:48:33 +0000 UTC
Live-Hack-CVE/CVE-2020-8161
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:27 +0000 UTC Push: 2023-01-31 14:48:30 +0000 UTC
Live-Hack-CVE/CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2 CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:24 +0000 UTC Push: 2023-01-31 14:48:26 +0000 UTC
Live-Hack-CVE/CVE-2022-47951
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user ma CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:11 +0000 UTC Push: 2023-01-31 14:48:13 +0000 UTC
Live-Hack-CVE/CVE-2022-44897
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:07 +0000 UTC Push: 2023-01-31 14:48:09 +0000 UTC
Live-Hack-CVE/CVE-2022-30421
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:03 +0000 UTC Push: 2023-01-31 14:48:06 +0000 UTC