Live-Hack-CVE/CVE-2020-15860 Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it CVE project by @Sn0wAlice Create: 2023-01-21 06:17:39 +0000 UTC Push: 2023-01-21 06:17:42 +0000 UTC |

Live-Hack-CVE/CVE-2019-20204 The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. CVE project by @Sn0wAlice Create: 2023-01-21 06:17:36 +0000 UTC Push: 2023-01-21 06:17:38 +0000 UTC |

Live-Hack-CVE/CVE-2020-12778 Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. CVE project by @Sn0wAlice Create: 2023-01-21 06:17:32 +0000 UTC Push: 2023-01-21 06:17:34 +0000 UTC |

Live-Hack-CVE/CVE-2020-12777 A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. CVE project by @Sn0wAlice Create: 2023-01-21 06:17:28 +0000 UTC Push: 2023-01-21 06:17:30 +0000 UTC |

Live-Hack-CVE/CVE-2020-12781 Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. CVE project by @Sn0wAlice Create: 2023-01-21 06:17:24 +0000 UTC Push: 2023-01-21 06:17:26 +0000 UTC |

Live-Hack-CVE/CVE-2019-20208 dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. CVE project by @Sn0wAlice Create: 2023-01-21 06:17:19 +0000 UTC Push: 2023-01-21 06:17:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-24713 regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guara CVE project by @Sn0wAlice Create: 2023-01-21 04:04:38 +0000 UTC Push: 2023-01-21 04:04:40 +0000 UTC |

Live-Hack-CVE/CVE-2020-1106 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:33 +0000 UTC Push: 2023-01-21 04:04:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-23489 The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:29 +0000 UTC Push: 2023-01-21 04:04:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-23488 The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:25 +0000 UTC Push: 2023-01-21 04:04:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-22912 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:21 +0000 UTC Push: 2023-01-21 04:04:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-22910 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:17 +0000 UTC Push: 2023-01-21 04:04:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-38112 In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:13 +0000 UTC Push: 2023-01-21 04:04:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-38110 In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:09 +0000 UTC Push: 2023-01-21 04:04:11 +0000 UTC |

Live-Hack-CVE/CVE-2020-12872 yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. CVE project by @Sn0wAlice Create: 2023-01-21 04:04:05 +0000 UTC Push: 2023-01-21 04:04:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-7663 websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be ab CVE project by @Sn0wAlice Create: 2023-01-21 04:04:00 +0000 UTC Push: 2023-01-21 04:04:02 +0000 UTC |

Live-Hack-CVE/CVE-2020-12109 Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. CVE project by @Sn0wAlice Create: 2023-01-21 04:03:56 +0000 UTC Push: 2023-01-21 04:03:58 +0000 UTC |

Live-Hack-CVE/CVE-2020-12059 An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. CVE project by @Sn0wAlice Create: 2023-01-21 04:03:51 +0000 UTC Push: 2023-01-21 04:03:54 +0000 UTC |

Live-Hack-CVE/CVE-2021-46795 A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. CVE project by @Sn0wAlice Create: 2023-01-21 04:03:46 +0000 UTC Push: 2023-01-21 04:03:49 +0000 UTC |

Live-Hack-CVE/CVE-2019-20811 An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. CVE project by @Sn0wAlice Create: 2023-01-21 04:03:42 +0000 UTC Push: 2023-01-21 04:03:45 +0000 UTC |