unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2023-24027
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:01 +0000 UTC Push: 2023-01-21 07:23:04 +0000 UTC
Live-Hack-CVE/CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:57 +0000 UTC Push: 2023-01-21 07:22:59 +0000 UTC
Live-Hack-CVE/CVE-2023-22726
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:53 +0000 UTC Push: 2023-01-21 07:22:56 +0000 UTC
Live-Hack-CVE/CVE-2023-0052
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and mod CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:49 +0000 UTC Push: 2023-01-21 07:22:52 +0000 UTC
Live-Hack-CVE/CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:41 +0000 UTC Push: 2023-01-21 06:18:43 +0000 UTC
Live-Hack-CVE/CVE-2019-20093
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:37 +0000 UTC Push: 2023-01-21 06:18:39 +0000 UTC
Live-Hack-CVE/CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:33 +0000 UTC Push: 2023-01-21 06:18:36 +0000 UTC
Live-Hack-CVE/CVE-2020-6509
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:29 +0000 UTC Push: 2023-01-21 06:18:32 +0000 UTC
Live-Hack-CVE/CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:25 +0000 UTC Push: 2023-01-21 06:18:28 +0000 UTC
Live-Hack-CVE/CVE-2019-4343
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:22 +0000 UTC Push: 2023-01-21 06:18:24 +0000 UTC
Live-Hack-CVE/CVE-2020-11081
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:18 +0000 UTC Push: 2023-01-21 06:18:20 +0000 UTC
Live-Hack-CVE/CVE-2020-15890
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:14 +0000 UTC Push: 2023-01-21 06:18:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0246
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VD CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:11 +0000 UTC Push: 2023-01-21 06:18:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0245
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploi CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:07 +0000 UTC Push: 2023-01-21 06:18:09 +0000 UTC
Live-Hack-CVE/CVE-2019-20096
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:03 +0000 UTC Push: 2023-01-21 06:18:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0244
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:59 +0000 UTC Push: 2023-01-21 06:18:02 +0000 UTC
Live-Hack-CVE/CVE-2019-20141
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:54 +0000 UTC Push: 2023-01-21 06:17:57 +0000 UTC
Live-Hack-CVE/CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:50 +0000 UTC Push: 2023-01-21 06:17:53 +0000 UTC
Live-Hack-CVE/CVE-2019-20176
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:47 +0000 UTC Push: 2023-01-21 06:17:49 +0000 UTC
Live-Hack-CVE/CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:43 +0000 UTC Push: 2023-01-21 06:17:46 +0000 UTC