Live-Hack-CVE/CVE-2022-36715 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. CVE project by @Sn0wAlice Create: 2022-12-30 10:35:22 +0000 UTC Push: 2022-12-30 10:35:24 +0000 UTC |

Live-Hack-CVE/CVE-2004-0686 Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. CVE project by @Sn0wAlice Create: 2022-12-30 09:53:39 +0000 UTC Push: 2022-12-30 09:53:41 +0000 UTC |

Live-Hack-CVE/CVE-2021-23173 The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. CVE project by @Sn0wAlice Create: 2022-12-30 09:12:01 +0000 UTC Push: 2022-12-30 09:12:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-36748 PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. CVE project by @Sn0wAlice Create: 2022-12-30 08:30:22 +0000 UTC Push: 2022-12-30 08:30:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-23675 A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. CVE project by @Sn0wAlice Create: 2022-12-30 07:48:43 +0000 UTC Push: 2022-12-30 07:48:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-2895 Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. CVE project by @Sn0wAlice Create: 2022-12-30 07:06:39 +0000 UTC Push: 2022-12-30 07:06:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-2003 AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06 CVE project by @Sn0wAlice Create: 2022-12-30 06:24:55 +0000 UTC Push: 2022-12-30 06:24:57 +0000 UTC |

Live-Hack-CVE/CVE-2015-4866 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE project by @Sn0wAlice Create: 2022-12-30 05:43:18 +0000 UTC Push: 2022-12-30 05:43:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-46378 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. CVE project by @Sn0wAlice Create: 2022-12-30 05:01:10 +0000 UTC Push: 2022-12-30 05:01:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). CVE project by @Sn0wAlice Create: 2022-12-30 04:19:48 +0000 UTC Push: 2022-12-30 04:19:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-38274 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. CVE project by @Sn0wAlice Create: 2022-12-30 03:37:55 +0000 UTC Push: 2022-12-30 03:37:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-37796 In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). CVE project by @Sn0wAlice Create: 2022-12-30 02:56:04 +0000 UTC Push: 2022-12-30 02:56:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability. CVE project by @Sn0wAlice Create: 2022-12-30 02:14:36 +0000 UTC Push: 2022-12-30 02:14:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-40663 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TI CVE project by @Sn0wAlice Create: 2022-12-30 01:33:20 +0000 UTC Push: 2022-12-30 01:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-25688 Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice Create: 2022-12-30 00:51:22 +0000 UTC Push: 2022-12-30 00:51:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-30675 Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice Create: 2022-12-30 00:09:21 +0000 UTC Push: 2022-12-30 00:09:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-40807 The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 CVE project by @Sn0wAlice Create: 2022-12-29 23:27:40 +0000 UTC Push: 2022-12-29 23:27:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-34746 An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in th CVE project by @Sn0wAlice Create: 2022-12-29 22:46:07 +0000 UTC Push: 2022-12-29 22:46:09 +0000 UTC |

Live-Hack-CVE/CVE-2021-2475 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBo CVE project by @Sn0wAlice Create: 2022-12-29 22:04:12 +0000 UTC Push: 2022-12-29 22:04:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-25460 An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. CVE project by @Sn0wAlice Create: 2022-12-29 21:22:37 +0000 UTC Push: 2022-12-29 21:22:39 +0000 UTC |