unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:48 +0000 UTC Push: 2023-02-03 23:29:50 +0000 UTC
Live-Hack-CVE/CVE-2019-4207
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:42 +0000 UTC Push: 2023-02-03 23:29:44 +0000 UTC
Live-Hack-CVE/CVE-2019-4238
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:38 +0000 UTC Push: 2023-02-03 23:29:41 +0000 UTC
Live-Hack-CVE/CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:34 +0000 UTC Push: 2023-02-03 23:29:37 +0000 UTC
Live-Hack-CVE/CVE-2019-4208
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:31 +0000 UTC Push: 2023-02-03 23:29:33 +0000 UTC
Live-Hack-CVE/CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:23 +0000 UTC Push: 2023-02-03 23:29:26 +0000 UTC
Live-Hack-CVE/CVE-2023-0549
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initia CVE project by @Sn0wAlice
Create: 2023-02-03 21:16:28 +0000 UTC Push: 2023-02-03 21:16:30 +0000 UTC
Live-Hack-CVE/CVE-2023-25139
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buf CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:56 +0000 UTC Push: 2023-02-03 20:07:57 +0000 UTC
Live-Hack-CVE/CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:52 +0000 UTC Push: 2023-02-03 20:07:54 +0000 UTC
Live-Hack-CVE/CVE-2022-48074
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:48 +0000 UTC Push: 2023-02-03 20:07:51 +0000 UTC
Live-Hack-CVE/CVE-2023-23130
** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during tr CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:44 +0000 UTC Push: 2023-02-03 20:07:47 +0000 UTC
Live-Hack-CVE/CVE-2023-23126
** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:40 +0000 UTC Push: 2023-02-03 20:07:43 +0000 UTC
Live-Hack-CVE/CVE-2022-2327
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:36 +0000 UTC Push: 2023-02-03 20:07:38 +0000 UTC
Ashifcoder/CVE-2022-44268-automated-poc
An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in ImageMagick.
Create: 2023-02-03 19:33:27 +0000 UTC Push: 2023-02-03 19:33:28 +0000 UTC
SpiralBL0CK/CVE-2022-31144
CVE-2022-31144 dos pt redis, not finished yet or too soon, this can be turned into rce but oh well if you smart enough
Create: 2023-02-03 16:40:38 +0000 UTC Push: 2023-02-03 16:40:38 +0000 UTC
y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment
The vulnerable recurrence docker environment for CVE-2022-44268
Create: 2023-02-03 16:02:28 +0000 UTC Push: 2023-02-03 16:03:19 +0000 UTC
Live-Hack-CVE/CVE-2019-5447
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:59 +0000 UTC Push: 2023-02-03 14:38:01 +0000 UTC
Live-Hack-CVE/CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:54 +0000 UTC Push: 2023-02-03 14:37:57 +0000 UTC
Live-Hack-CVE/CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:50 +0000 UTC Push: 2023-02-03 14:37:53 +0000 UTC
Live-Hack-CVE/CVE-2020-14042
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under act CVE project by @Sn0wAlice
Create: 2023-02-03 14:37:47 +0000 UTC Push: 2023-02-03 14:37:49 +0000 UTC