Live-Hack-CVE/CVE-2016-4128 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. CVE project by @Sn0wAlice Create: 2023-01-27 05:20:59 +0000 UTC Push: 2023-01-27 05:21:02 +0000 UTC |

Live-Hack-CVE/CVE-2016-1016 Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-10 CVE project by @Sn0wAlice Create: 2023-01-27 02:05:13 +0000 UTC Push: 2023-01-27 02:05:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-3100 A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. CVE project by @Sn0wAlice Create: 2023-01-27 02:05:09 +0000 UTC Push: 2023-01-27 02:05:12 +0000 UTC |

Live-Hack-CVE/CVE-2023-0410 Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. CVE project by @Sn0wAlice Create: 2023-01-27 02:05:04 +0000 UTC Push: 2023-01-27 02:05:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-43976 An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:59 +0000 UTC Push: 2023-01-27 02:05:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-43977 An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:55 +0000 UTC Push: 2023-01-27 02:04:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-0296 The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grp CVE project by @Sn0wAlice Create: 2023-01-27 02:04:51 +0000 UTC Push: 2023-01-27 02:04:54 +0000 UTC |

Live-Hack-CVE/CVE-2014-2383 dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:46 +0000 UTC Push: 2023-01-27 02:04:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-48126 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:38 +0000 UTC Push: 2023-01-27 02:04:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-48122 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:34 +0000 UTC Push: 2023-01-27 02:04:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-48121 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:31 +0000 UTC Push: 2023-01-27 02:04:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-48125 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:27 +0000 UTC Push: 2023-01-27 02:04:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-48124 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:23 +0000 UTC Push: 2023-01-27 02:04:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-48123 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice Create: 2023-01-27 02:04:19 +0000 UTC Push: 2023-01-27 02:04:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-48191 A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of pri CVE project by @Sn0wAlice Create: 2023-01-27 02:04:16 +0000 UTC Push: 2023-01-27 02:04:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-20964 A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interf CVE project by @Sn0wAlice Create: 2023-01-27 02:04:12 +0000 UTC Push: 2023-01-27 02:04:15 +0000 UTC |

Relativ3Pa1n/CVE-2014-2383-LFI-to-RCE-Escalation Create: 2023-01-27 02:01:50 +0000 UTC Push: 2023-01-27 02:01:50 +0000 UTC |

Relativ3Pa1n/CVE-2014-2383-Escalation-to-RCE Create: 2023-01-27 01:26:50 +0000 UTC Push: 2023-01-27 01:26:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-47917 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition. CVE project by @Sn0wAlice Create: 2023-01-26 23:55:11 +0000 UTC Push: 2023-01-26 23:55:13 +0000 UTC |

Live-Hack-CVE/CVE-2016-4223 Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. CVE project by @Sn0wAlice Create: 2023-01-26 23:55:07 +0000 UTC Push: 2023-01-26 23:55:09 +0000 UTC |