unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-22807
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:25 +0000 UTC Push: 2023-02-16 04:06:28 +0000 UTC
Live-Hack-CVE/CVE-2023-22806
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:21 +0000 UTC Push: 2023-02-16 04:06:24 +0000 UTC
Live-Hack-CVE/CVE-2023-22805
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:18 +0000 UTC Push: 2023-02-16 04:06:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22804
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:14 +0000 UTC Push: 2023-02-16 04:06:16 +0000 UTC
Live-Hack-CVE/CVE-2023-22803
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:10 +0000 UTC Push: 2023-02-16 04:06:12 +0000 UTC
Live-Hack-CVE/CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:06 +0000 UTC Push: 2023-02-16 04:06:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0103
If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition. CVE project by @Sn0wAlice
Create: 2023-02-16 04:06:03 +0000 UTC Push: 2023-02-16 04:06:05 +0000 UTC
Live-Hack-CVE/CVE-2022-45587
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04 allows local attackers to cause a denial of service. CVE project by @Sn0wAlice
Create: 2023-02-16 04:05:59 +0000 UTC Push: 2023-02-16 04:06:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0102
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. CVE project by @Sn0wAlice
Create: 2023-02-16 04:05:55 +0000 UTC Push: 2023-02-16 04:05:57 +0000 UTC
Live-Hack-CVE/CVE-2022-45586
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04 allows local attackers to cause a denial of service. CVE project by @Sn0wAlice
Create: 2023-02-16 04:05:51 +0000 UTC Push: 2023-02-16 04:05:53 +0000 UTC
yerodin/CVE-2022-45701
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated) POC Exploit for CVE-2022-45701
Create: 2023-02-16 02:31:32 +0000 UTC Push: 2023-02-16 02:31:32 +0000 UTC
Live-Hack-CVE/CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:10 +0000 UTC Push: 2023-02-16 01:52:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0360
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:06 +0000 UTC Push: 2023-02-16 01:52:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0333
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:02 +0000 UTC Push: 2023-02-16 01:52:05 +0000 UTC
Live-Hack-CVE/CVE-2023-0275
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:58 +0000 UTC Push: 2023-02-16 01:52:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0263
The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:51 +0000 UTC Push: 2023-02-16 01:51:54 +0000 UTC
Live-Hack-CVE/CVE-2023-23943
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed scanning for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:47 +0000 UTC Push: 2023-02-16 01:51:49 +0000 UTC
Live-Hack-CVE/CVE-2022-42950
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:56 +0000 UTC Push: 2023-02-15 23:40:59 +0000 UTC
Live-Hack-CVE/CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using defaul CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:52 +0000 UTC Push: 2023-02-15 23:40:55 +0000 UTC
Live-Hack-CVE/CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:45 +0000 UTC Push: 2023-02-15 23:40:48 +0000 UTC