Live-Hack-CVE/CVE-2022-43522 Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify s CVE project by @Sn0wAlice Create: 2023-01-05 19:33:12 +0000 UTC Push: 2023-01-05 19:33:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-22371 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. CVE project by @Sn0wAlice Create: 2023-01-05 19:33:07 +0000 UTC Push: 2023-01-05 19:33:11 +0000 UTC |

Live-Hack-CVE/CVE-2021-25223 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-05 19:33:02 +0000 UTC Push: 2023-01-05 19:33:06 +0000 UTC |

Live-Hack-CVE/CVE-2021-25222 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:58 +0000 UTC Push: 2023-01-05 19:33:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-45857 An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:53 +0000 UTC Push: 2023-01-05 19:32:56 +0000 UTC |

Live-Hack-CVE/CVE-2019-25098 A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b CVE project by @Sn0wAlice Create: 2023-01-05 19:32:50 +0000 UTC Push: 2023-01-05 19:32:52 +0000 UTC |

Live-Hack-CVE/CVE-2019-25095 A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of CVE project by @Sn0wAlice Create: 2023-01-05 19:32:46 +0000 UTC Push: 2023-01-05 19:32:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-22626 PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) CVE project by @Sn0wAlice Create: 2023-01-05 19:32:41 +0000 UTC Push: 2023-01-05 19:32:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-47523 Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:37 +0000 UTC Push: 2023-01-05 19:32:40 +0000 UTC |

Live-Hack-CVE/CVE-2019-25097 A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888 CVE project by @Sn0wAlice Create: 2023-01-05 19:32:33 +0000 UTC Push: 2023-01-05 19:32:35 +0000 UTC |

Live-Hack-CVE/CVE-2019-25096 A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the pat CVE project by @Sn0wAlice Create: 2023-01-05 19:32:28 +0000 UTC Push: 2023-01-05 19:32:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-4869 A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated rem CVE project by @Sn0wAlice Create: 2023-01-05 19:32:23 +0000 UTC Push: 2023-01-05 19:32:27 +0000 UTC |

Live-Hack-CVE/CVE-2021-4303 A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version CVE project by @Sn0wAlice Create: 2023-01-05 19:32:18 +0000 UTC Push: 2023-01-05 19:32:22 +0000 UTC |

Live-Hack-CVE/CVE-2018-25064 A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recomm CVE project by @Sn0wAlice Create: 2023-01-05 19:32:14 +0000 UTC Push: 2023-01-05 19:32:17 +0000 UTC |

Live-Hack-CVE/CVE-2016-15010 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The at CVE project by @Sn0wAlice Create: 2023-01-05 19:32:09 +0000 UTC Push: 2023-01-05 19:32:13 +0000 UTC |

Live-Hack-CVE/CVE-2016-15009 A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83ee CVE project by @Sn0wAlice Create: 2023-01-05 19:32:05 +0000 UTC Push: 2023-01-05 19:32:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-0077 Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-05 19:32:00 +0000 UTC Push: 2023-01-05 19:32:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-4877 A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this is CVE project by @Sn0wAlice Create: 2023-01-05 19:31:56 +0000 UTC Push: 2023-01-05 19:31:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-43932 Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-05 19:31:52 +0000 UTC Push: 2023-01-05 19:31:55 +0000 UTC |

Live-Hack-CVE/CVE-2021-4304 A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb CVE project by @Sn0wAlice Create: 2023-01-05 19:31:47 +0000 UTC Push: 2023-01-05 19:31:50 +0000 UTC |