Live-Hack-CVE/CVE-2022-38778 A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:20 +0000 UTC Push: 2023-02-09 07:47:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-38777 An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:16 +0000 UTC Push: 2023-02-09 07:47:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-24508 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validate CVE project by @Sn0wAlice Create: 2023-02-09 07:47:12 +0000 UTC Push: 2023-02-09 07:47:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-26872 AMI Megarac Password reset interception via API CVE project by @Sn0wAlice Create: 2023-02-09 07:47:08 +0000 UTC Push: 2023-02-09 07:47:11 +0000 UTC |

Live-Hack-CVE/CVE-2019-15112 The wp-slimstat plugin before 4.8.1 for WordPress has XSS. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:57 +0000 UTC Push: 2023-02-09 07:46:59 +0000 UTC |

Live-Hack-CVE/CVE-2017-18540 The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:54 +0000 UTC Push: 2023-02-09 07:46:56 +0000 UTC |

Live-Hack-CVE/CVE-2017-18538 The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:50 +0000 UTC Push: 2023-02-09 07:46:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-4304 A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulne CVE project by @Sn0wAlice Create: 2023-02-09 05:33:35 +0000 UTC Push: 2023-02-09 05:33:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-34350 IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS loo CVE project by @Sn0wAlice Create: 2023-02-09 05:33:31 +0000 UTC Push: 2023-02-09 05:33:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-23131 Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:26 +0000 UTC Push: 2023-02-09 05:33:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0617 A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ CVE project by @Sn0wAlice Create: 2023-02-09 05:33:20 +0000 UTC Push: 2023-02-09 05:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0618 A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may CVE project by @Sn0wAlice Create: 2023-02-09 05:33:16 +0000 UTC Push: 2023-02-09 05:33:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-23136 lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:09 +0000 UTC Push: 2023-02-09 05:33:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-22575 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:04 +0000 UTC Push: 2023-02-09 05:33:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-46842 Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:54 +0000 UTC Push: 2023-02-09 05:32:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-46815 Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:51 +0000 UTC Push: 2023-02-09 05:32:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-45807 Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:47 +0000 UTC Push: 2023-02-09 05:32:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-23073 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. CVE project by @Sn0wAlice Create: 2023-02-09 03:21:41 +0000 UTC Push: 2023-02-09 03:21:44 +0000 UTC |

Live-Hack-CVE/CVE-2021-25296 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the N CVE project by @Sn0wAlice Create: 2023-02-09 03:21:38 +0000 UTC Push: 2023-02-09 03:21:40 +0000 UTC |

Live-Hack-CVE/CVE-2021-25297 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI CVE project by @Sn0wAlice Create: 2023-02-09 03:21:34 +0000 UTC Push: 2023-02-09 03:21:36 +0000 UTC |