unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2019-13458
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passw CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:46 +0000 UTC Push: 2023-01-21 01:54:49 +0000 UTC
Live-Hack-CVE/CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:41 +0000 UTC Push: 2023-01-21 01:54:44 +0000 UTC
Live-Hack-CVE/CVE-2019-13361
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:37 +0000 UTC Push: 2023-01-21 01:54:40 +0000 UTC
Live-Hack-CVE/CVE-2019-15715
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:33 +0000 UTC Push: 2023-01-21 01:54:36 +0000 UTC
Live-Hack-CVE/CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:28 +0000 UTC Push: 2023-01-21 01:54:31 +0000 UTC
Live-Hack-CVE/CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:24 +0000 UTC Push: 2023-01-21 01:54:27 +0000 UTC
Live-Hack-CVE/CVE-2019-12416
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:20 +0000 UTC Push: 2023-01-21 01:54:23 +0000 UTC
grimlockx/CVE-2019-9978-2
Create: 2023-01-21 00:29:18 +0000 UTC Push: 2023-01-21 00:29:54 +0000 UTC
Live-Hack-CVE/CVE-2022-20967
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application CVE project by @Sn0wAlice
Create: 2023-01-20 23:43:08 +0000 UTC Push: 2023-01-20 23:43:11 +0000 UTC
Live-Hack-CVE/CVE-2017-16332
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:59 +0000 UTC Push: 2023-01-20 23:43:02 +0000 UTC
Live-Hack-CVE/CVE-2017-16334
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:51 +0000 UTC Push: 2023-01-20 23:42:54 +0000 UTC
Live-Hack-CVE/CVE-2022-0742
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:46 +0000 UTC Push: 2023-01-20 23:42:49 +0000 UTC
Live-Hack-CVE/CVE-2012-6689
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:41 +0000 UTC Push: 2023-01-20 23:42:44 +0000 UTC
Live-Hack-CVE/CVE-2019-18813
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:38 +0000 UTC Push: 2023-01-20 23:42:40 +0000 UTC
Live-Hack-CVE/CVE-2017-16335
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:34 +0000 UTC Push: 2023-01-20 23:42:36 +0000 UTC
Live-Hack-CVE/CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:23 +0000 UTC Push: 2023-01-20 23:42:26 +0000 UTC
Live-Hack-CVE/CVE-2021-37500
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server. CVE project by @Sn0wAlice
Create: 2023-01-20 21:31:06 +0000 UTC Push: 2023-01-20 21:31:09 +0000 UTC
Live-Hack-CVE/CVE-2021-37499
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. CVE project by @Sn0wAlice
Create: 2023-01-20 21:31:02 +0000 UTC Push: 2023-01-20 21:31:04 +0000 UTC
Live-Hack-CVE/CVE-2021-37498
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers and conduct port scans via the actserver parameter in License Activation function. CVE project by @Sn0wAlice
Create: 2023-01-20 21:30:58 +0000 UTC Push: 2023-01-20 21:31:00 +0000 UTC
rahulpatwari/CVE-2023-23163
Create: 2023-01-20 19:32:19 +0000 UTC Push: 2023-01-20 19:32:20 +0000 UTC