unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is CVE project by @Sn0wAlice
Create: 2023-01-06 19:41:11 +0000 UTC Push: 2023-01-06 19:41:13 +0000 UTC
Live-Hack-CVE/CVE-2020-36634
A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the CVE project by @Sn0wAlice
Create: 2023-01-06 19:41:07 +0000 UTC Push: 2023-01-06 19:41:09 +0000 UTC
Live-Hack-CVE/CVE-2020-36633
A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issu CVE project by @Sn0wAlice
Create: 2023-01-06 19:41:03 +0000 UTC Push: 2023-01-06 19:41:05 +0000 UTC
Live-Hack-CVE/CVE-2021-4289
A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manip CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:59 +0000 UTC Push: 2023-01-06 19:41:02 +0000 UTC
Live-Hack-CVE/CVE-2021-4288
A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to versi CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:55 +0000 UTC Push: 2023-01-06 19:40:57 +0000 UTC
Live-Hack-CVE/CVE-2022-4766
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address thi CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:51 +0000 UTC Push: 2023-01-06 19:40:53 +0000 UTC
Live-Hack-CVE/CVE-2023-22671
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:46 +0000 UTC Push: 2023-01-06 19:40:49 +0000 UTC
Live-Hack-CVE/CVE-2022-4878
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b425 CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:41 +0000 UTC Push: 2023-01-06 19:40:43 +0000 UTC
Live-Hack-CVE/CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:36 +0000 UTC Push: 2023-01-06 19:40:39 +0000 UTC
Live-Hack-CVE/CVE-2022-45787
Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:33 +0000 UTC Push: 2023-01-06 19:40:35 +0000 UTC
Live-Hack-CVE/CVE-2016-15011
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1. CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:28 +0000 UTC Push: 2023-01-06 19:40:31 +0000 UTC
Live-Hack-CVE/CVE-2015-10016
A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:24 +0000 UTC Push: 2023-01-06 19:40:27 +0000 UTC
Live-Hack-CVE/CVE-2014-125046
A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue CVE project by @Sn0wAlice
Create: 2023-01-06 19:40:19 +0000 UTC Push: 2023-01-06 19:40:23 +0000 UTC
Live-Hack-CVE/CVE-2020-36564
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:26 +0000 UTC Push: 2023-01-06 14:14:29 +0000 UTC
Live-Hack-CVE/CVE-2020-36561
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:22 +0000 UTC Push: 2023-01-06 14:14:24 +0000 UTC
Live-Hack-CVE/CVE-2021-4235
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:17 +0000 UTC Push: 2023-01-06 14:14:21 +0000 UTC
Live-Hack-CVE/CVE-2020-36569
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:13 +0000 UTC Push: 2023-01-06 14:14:16 +0000 UTC
Live-Hack-CVE/CVE-2021-4239
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:09 +0000 UTC Push: 2023-01-06 14:14:12 +0000 UTC
Live-Hack-CVE/CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. CVE project by @Sn0wAlice
Create: 2023-01-06 14:14:05 +0000 UTC Push: 2023-01-06 14:14:08 +0000 UTC
Live-Hack-CVE/CVE-2022-4822
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541 CVE project by @Sn0wAlice
Create: 2023-01-06 14:13:59 +0000 UTC Push: 2023-01-06 14:14:00 +0000 UTC