unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-48072
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:22 +0000 UTC Push: 2023-01-28 01:15:25 +0000 UTC
Live-Hack-CVE/CVE-2022-48071
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:19 +0000 UTC Push: 2023-01-28 01:15:21 +0000 UTC
Live-Hack-CVE/CVE-2022-48070
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:15 +0000 UTC Push: 2023-01-28 01:15:17 +0000 UTC
Live-Hack-CVE/CVE-2022-48069
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:11 +0000 UTC Push: 2023-01-28 01:15:14 +0000 UTC
Live-Hack-CVE/CVE-2022-48067
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:07 +0000 UTC Push: 2023-01-28 01:15:10 +0000 UTC
Live-Hack-CVE/CVE-2022-48066
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. CVE project by @Sn0wAlice
Create: 2023-01-28 01:15:03 +0000 UTC Push: 2023-01-28 01:15:06 +0000 UTC
Live-Hack-CVE/CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write a CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:59 +0000 UTC Push: 2023-01-28 01:15:01 +0000 UTC
Live-Hack-CVE/CVE-2020-14983
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:55 +0000 UTC Push: 2023-01-28 01:14:57 +0000 UTC
Live-Hack-CVE/CVE-2021-21395
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. T CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:51 +0000 UTC Push: 2023-01-28 01:14:53 +0000 UTC
Live-Hack-CVE/CVE-2020-14943
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:46 +0000 UTC Push: 2023-01-28 01:14:49 +0000 UTC
Live-Hack-CVE/CVE-2020-3963
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privil CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:42 +0000 UTC Push: 2023-01-28 01:14:44 +0000 UTC
Live-Hack-CVE/CVE-2020-5903
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:38 +0000 UTC Push: 2023-01-28 01:14:40 +0000 UTC
Live-Hack-CVE/CVE-2020-5906
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:34 +0000 UTC Push: 2023-01-28 01:14:37 +0000 UTC
Live-Hack-CVE/CVE-2020-11074
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:30 +0000 UTC Push: 2023-01-28 01:14:33 +0000 UTC
Live-Hack-CVE/CVE-2020-4074
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:26 +0000 UTC Push: 2023-01-28 01:14:29 +0000 UTC
Live-Hack-CVE/CVE-2020-12424
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:23 +0000 UTC Push: 2023-01-28 01:14:25 +0000 UTC
Live-Hack-CVE/CVE-2020-12406
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:19 +0000 UTC Push: 2023-01-28 01:14:21 +0000 UTC
Live-Hack-CVE/CVE-2020-12415
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:15 +0000 UTC Push: 2023-01-28 01:14:18 +0000 UTC
Live-Hack-CVE/CVE-2020-12418
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. CVE project by @Sn0wAlice
Create: 2023-01-28 01:14:12 +0000 UTC Push: 2023-01-28 01:14:14 +0000 UTC
Live-Hack-CVE/CVE-2022-47016
A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts. CVE project by @Sn0wAlice
Create: 2023-01-28 00:09:20 +0000 UTC Push: 2023-01-28 00:09:22 +0000 UTC