unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:20 +0000 UTC Push: 2023-01-14 07:48:23 +0000 UTC |
Live-Hack-CVE/CVE-2017-20169
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:15 +0000 UTC Push: 2023-01-14 07:48:18 +0000 UTC |
Live-Hack-CVE/CVE-2015-10042
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:11 +0000 UTC Push: 2023-01-14 07:48:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-32294
** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:07 +0000 UTC Push: 2023-01-14 07:48:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-46093
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. CVE project by @Sn0wAlice
Create: 2023-01-14 07:48:01 +0000 UTC Push: 2023-01-14 07:48:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-21589
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:38:03 +0000 UTC Push: 2023-01-14 05:38:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-21588
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:59 +0000 UTC Push: 2023-01-14 05:38:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-21587
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:55 +0000 UTC Push: 2023-01-14 05:37:57 +0000 UTC |
Live-Hack-CVE/CVE-2023-0295
The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:51 +0000 UTC Push: 2023-01-14 05:37:53 +0000 UTC |
Live-Hack-CVE/CVE-2023-0294
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:47 +0000 UTC Push: 2023-01-14 05:37:48 +0000 UTC |
Live-Hack-CVE/CVE-2023-0293
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, wh CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:42 +0000 UTC Push: 2023-01-14 05:37:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-46956
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:38 +0000 UTC Push: 2023-01-14 05:37:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:34 +0000 UTC Push: 2023-01-14 05:37:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-46954
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:30 +0000 UTC Push: 2023-01-14 05:37:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-46953
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:26 +0000 UTC Push: 2023-01-14 05:37:28 +0000 UTC |
Live-Hack-CVE/CVE-2022-46952
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:22 +0000 UTC Push: 2023-01-14 05:37:24 +0000 UTC |
Live-Hack-CVE/CVE-2022-46951
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:19 +0000 UTC Push: 2023-01-14 05:37:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-46950
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:14 +0000 UTC Push: 2023-01-14 05:37:17 +0000 UTC |
Live-Hack-CVE/CVE-2022-46949
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:10 +0000 UTC Push: 2023-01-14 05:37:13 +0000 UTC |
Live-Hack-CVE/CVE-2022-46947
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. CVE project by @Sn0wAlice
Create: 2023-01-14 05:37:05 +0000 UTC Push: 2023-01-14 05:37:08 +0000 UTC |
Previous
507
508
509
510
511
512
513
514
Next