unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type r CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:18 +0000 UTC Push: 2023-02-17 00:07:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:07 +0000 UTC Push: 2023-02-17 00:07:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0574
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulati CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:03 +0000 UTC Push: 2023-02-17 00:07:06 +0000 UTC
Live-Hack-CVE/CVE-2023-24813
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, wh CVE project by @Sn0wAlice
Create: 2023-02-17 00:06:54 +0000 UTC Push: 2023-02-17 00:06:57 +0000 UTC
Live-Hack-CVE/CVE-2023-0705
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE project by @Sn0wAlice
Create: 2023-02-17 00:06:50 +0000 UTC Push: 2023-02-17 00:06:53 +0000 UTC
grandDancer/CVE-2017-5124-RCE-0-Day
CVE-2017-5124 RCE 0-Day
Create: 2023-02-16 23:36:38 +0000 UTC Push: 2023-02-16 23:37:40 +0000 UTC
0xsu3ks/CVE-2023-0860
Create: 2023-02-16 21:49:20 +0000 UTC Push: 2023-02-16 21:49:21 +0000 UTC
Live-Hack-CVE/CVE-2023-0662
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:25 +0000 UTC Push: 2023-02-16 19:38:27 +0000 UTC
Live-Hack-CVE/CVE-2023-0568
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unaut CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:22 +0000 UTC Push: 2023-02-16 19:38:24 +0000 UTC
Live-Hack-CVE/CVE-2023-0861
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 b CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:18 +0000 UTC Push: 2023-02-16 19:38:20 +0000 UTC
Live-Hack-CVE/CVE-2023-0862
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 befor CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:15 +0000 UTC Push: 2023-02-16 19:38:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0860
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:11 +0000 UTC Push: 2023-02-16 19:38:14 +0000 UTC
Live-Hack-CVE/CVE-2019-6623
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:18 +0000 UTC Push: 2023-02-16 15:17:21 +0000 UTC
Live-Hack-CVE/CVE-2019-6629
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane; there is no impact to the control plane. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:15 +0000 UTC Push: 2023-02-16 15:17:17 +0000 UTC
Live-Hack-CVE/CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:11 +0000 UTC Push: 2023-02-16 15:17:13 +0000 UTC
Live-Hack-CVE/CVE-2019-6635
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:08 +0000 UTC Push: 2023-02-16 15:17:10 +0000 UTC
Live-Hack-CVE/CVE-2019-6639
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data p CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:04 +0000 UTC Push: 2023-02-16 15:17:06 +0000 UTC
Live-Hack-CVE/CVE-2019-6633
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. CVE project by @Sn0wAlice
Create: 2023-02-16 15:17:00 +0000 UTC Push: 2023-02-16 15:17:03 +0000 UTC
h4md153v63n/CVE-2022-40348_Intern-Record-System-Cross-site-Scripting-V1.0-Vulnerability-Unauthenticated
CVE-2022-40348: Intern Record System - 'name' and 'email' Cross-site Scripting (Unauthenticated)
Create: 2023-02-16 10:29:33 +0000 UTC Push: 2023-02-16 10:29:34 +0000 UTC
h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated
CVE-2022-40347: Intern Record System - 'phone', 'email', 'deptType' and 'name' SQL Injection (Unauthenticated)
Create: 2023-02-16 10:16:51 +0000 UTC Push: 2023-02-16 10:16:52 +0000 UTC