unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2013-4247
Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length. CVE project by @Sn0wAlice
Create: 2023-01-18 07:40:12 +0000 UTC Push: 2023-01-18 07:40:14 +0000 UTC
Live-Hack-CVE/CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a craf CVE project by @Sn0wAlice
Create: 2023-01-18 07:40:07 +0000 UTC Push: 2023-01-18 07:40:10 +0000 UTC
Live-Hack-CVE/CVE-2012-6703
Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_P CVE project by @Sn0wAlice
Create: 2023-01-18 07:40:03 +0000 UTC Push: 2023-01-18 07:40:05 +0000 UTC
Live-Hack-CVE/CVE-2012-6701
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:58 +0000 UTC Push: 2023-01-18 07:40:02 +0000 UTC
Live-Hack-CVE/CVE-2012-3400
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:54 +0000 UTC Push: 2023-01-18 07:39:56 +0000 UTC
Live-Hack-CVE/CVE-2012-6638
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:49 +0000 UTC Push: 2023-01-18 07:39:53 +0000 UTC
Live-Hack-CVE/CVE-2023-22734
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed wi CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:46 +0000 UTC Push: 2023-01-18 07:39:48 +0000 UTC
Live-Hack-CVE/CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:42 +0000 UTC Push: 2023-01-18 07:39:44 +0000 UTC
Live-Hack-CVE/CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been adde CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:37 +0000 UTC Push: 2023-01-18 07:39:40 +0000 UTC
Live-Hack-CVE/CVE-2023-22731
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:33 +0000 UTC Push: 2023-01-18 07:39:36 +0000 UTC
Live-Hack-CVE/CVE-2023-22730
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions it was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:29 +0000 UTC Push: 2023-01-18 07:39:32 +0000 UTC
Live-Hack-CVE/CVE-2022-41953
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things runn CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:24 +0000 UTC Push: 2023-01-18 07:39:27 +0000 UTC
Live-Hack-CVE/CVE-2021-32837
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:20 +0000 UTC Push: 2023-01-18 07:39:23 +0000 UTC
horizon3ai/CVE-2022-47966
POC for CVE-2022-47966 affecting multiple ManageEngine products
Create: 2023-01-18 05:26:28 +0000 UTC Push: 2023-01-19 21:10:07 +0000 UTC
Live-Hack-CVE/CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:19 +0000 UTC Push: 2023-01-18 05:26:22 +0000 UTC
Live-Hack-CVE/CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:15 +0000 UTC Push: 2023-01-18 05:26:18 +0000 UTC
Live-Hack-CVE/CVE-2023-22624
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:10 +0000 UTC Push: 2023-01-18 05:26:14 +0000 UTC
Live-Hack-CVE/CVE-2022-4891
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to ve CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:06 +0000 UTC Push: 2023-01-18 05:26:09 +0000 UTC
Live-Hack-CVE/CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:01 +0000 UTC Push: 2023-01-18 05:26:05 +0000 UTC
Live-Hack-CVE/CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:57 +0000 UTC Push: 2023-01-18 05:25:59 +0000 UTC