unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-4871
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the pa CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:11 +0000 UTC Push: 2023-01-03 22:14:14 +0000 UTC
Live-Hack-CVE/CVE-2012-10003
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a9 CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:07 +0000 UTC Push: 2023-01-03 22:14:10 +0000 UTC
Live-Hack-CVE/CVE-2015-10012
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information expo CVE project by @Sn0wAlice
Create: 2023-01-03 20:03:58 +0000 UTC Push: 2023-01-03 20:04:01 +0000 UTC
Live-Hack-CVE/CVE-2012-10002
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0 CVE project by @Sn0wAlice
Create: 2023-01-03 20:03:53 +0000 UTC Push: 2023-01-03 20:03:56 +0000 UTC
Live-Hack-CVE/CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:55 +0000 UTC Push: 2023-01-03 14:38:57 +0000 UTC
Live-Hack-CVE/CVE-2022-47908
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:49 +0000 UTC Push: 2023-01-03 14:38:52 +0000 UTC
Live-Hack-CVE/CVE-2022-47618
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:45 +0000 UTC Push: 2023-01-03 14:38:48 +0000 UTC
Live-Hack-CVE/CVE-2022-47317
Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:41 +0000 UTC Push: 2023-01-03 14:38:44 +0000 UTC
Live-Hack-CVE/CVE-2022-46360
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:37 +0000 UTC Push: 2023-01-03 14:38:40 +0000 UTC
Live-Hack-CVE/CVE-2022-46309
Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:33 +0000 UTC Push: 2023-01-03 14:38:36 +0000 UTC
Live-Hack-CVE/CVE-2022-46306
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file pa CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:28 +0000 UTC Push: 2023-01-03 14:38:32 +0000 UTC
Live-Hack-CVE/CVE-2022-46305
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:24 +0000 UTC Push: 2023-01-03 14:38:27 +0000 UTC
Live-Hack-CVE/CVE-2022-46304
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perfor CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:20 +0000 UTC Push: 2023-01-03 14:38:23 +0000 UTC
Live-Hack-CVE/CVE-2022-43448
Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:16 +0000 UTC Push: 2023-01-03 14:38:18 +0000 UTC
Live-Hack-CVE/CVE-2022-43438
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:12 +0000 UTC Push: 2023-01-03 14:38:15 +0000 UTC
Live-Hack-CVE/CVE-2022-43437
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:08 +0000 UTC Push: 2023-01-03 14:38:11 +0000 UTC
Live-Hack-CVE/CVE-2022-43436
The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:04 +0000 UTC Push: 2023-01-03 14:38:06 +0000 UTC
Live-Hack-CVE/CVE-2022-41645
Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice
Create: 2023-01-03 14:38:00 +0000 UTC Push: 2023-01-03 14:38:02 +0000 UTC
Live-Hack-CVE/CVE-2022-40740
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:37:56 +0000 UTC Push: 2023-01-03 14:37:58 +0000 UTC
Live-Hack-CVE/CVE-2022-39042
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice
Create: 2023-01-03 14:37:51 +0000 UTC Push: 2023-01-03 14:37:54 +0000 UTC