Live-Hack-CVE/CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:23 +0000 UTC Push: 2023-01-28 07:52:26 +0000 UTC
Live-Hack-CVE/CVE-2022-46968
A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:20 +0000 UTC Push: 2023-01-28 07:52:22 +0000 UTC
Live-Hack-CVE/CVE-2022-43980
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:17 +0000 UTC Push: 2023-01-28 07:52:19 +0000 UTC
Live-Hack-CVE/CVE-2022-43979
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to inclu CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:13 +0000 UTC Push: 2023-01-28 07:52:15 +0000 UTC
Live-Hack-CVE/CVE-2022-43978
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authenticati CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:10 +0000 UTC Push: 2023-01-28 07:52:12 +0000 UTC
Live-Hack-CVE/CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be tr CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:06 +0000 UTC Push: 2023-01-28 07:52:08 +0000 UTC
Live-Hack-CVE/CVE-2022-39812
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does no CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:03 +0000 UTC Push: 2023-01-28 07:52:05 +0000 UTC
Live-Hack-CVE/CVE-2022-39811
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without CVE project by @Sn0wAlice
Create: 2023-01-28 07:51:59 +0000 UTC Push: 2023-01-28 07:52:01 +0000 UTC
Live-Hack-CVE/CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:14 +0000 UTC Push: 2023-01-28 05:41:16 +0000 UTC
Live-Hack-CVE/CVE-2022-32952
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:10 +0000 UTC Push: 2023-01-28 05:41:13 +0000 UTC
Live-Hack-CVE/CVE-2022-32472
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:07 +0000 UTC Push: 2023-01-28 05:41:09 +0000 UTC
Live-Hack-CVE/CVE-2022-42400
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:03 +0000 UTC Push: 2023-01-28 05:41:06 +0000 UTC
Live-Hack-CVE/CVE-2022-42399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 05:41:00 +0000 UTC Push: 2023-01-28 05:41:02 +0000 UTC
Live-Hack-CVE/CVE-2022-42407
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:55 +0000 UTC Push: 2023-01-28 05:40:57 +0000 UTC
Live-Hack-CVE/CVE-2022-42406
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:50 +0000 UTC Push: 2023-01-28 05:40:53 +0000 UTC
Live-Hack-CVE/CVE-2022-42405
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:47 +0000 UTC Push: 2023-01-28 05:40:49 +0000 UTC
Live-Hack-CVE/CVE-2022-42403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:43 +0000 UTC Push: 2023-01-28 05:40:46 +0000 UTC
Live-Hack-CVE/CVE-2020-14073
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:38 +0000 UTC Push: 2023-01-28 05:40:41 +0000 UTC
Live-Hack-CVE/CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional sc CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:35 +0000 UTC Push: 2023-01-28 05:40:37 +0000 UTC
Live-Hack-CVE/CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE project by @Sn0wAlice
Create: 2023-01-28 05:40:31 +0000 UTC Push: 2023-01-28 05:40:33 +0000 UTC