unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:45 +0000 UTC Push: 2023-02-15 23:40:48 +0000 UTC
Live-Hack-CVE/CVE-2023-25767
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:42 +0000 UTC Push: 2023-02-15 23:40:44 +0000 UTC
Live-Hack-CVE/CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:38 +0000 UTC Push: 2023-02-15 23:40:40 +0000 UTC
Live-Hack-CVE/CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:34 +0000 UTC Push: 2023-02-15 23:40:37 +0000 UTC
Live-Hack-CVE/CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:30 +0000 UTC Push: 2023-02-15 23:40:33 +0000 UTC
Live-Hack-CVE/CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:27 +0000 UTC Push: 2023-02-15 23:40:29 +0000 UTC
Live-Hack-CVE/CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:23 +0000 UTC Push: 2023-02-15 23:40:24 +0000 UTC
Live-Hack-CVE/CVE-2023-25761
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:19 +0000 UTC Push: 2023-02-15 23:40:22 +0000 UTC
Live-Hack-CVE/CVE-2023-0841
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:15 +0000 UTC Push: 2023-02-15 23:40:18 +0000 UTC
Live-Hack-CVE/CVE-2022-32477
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection f CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:11 +0000 UTC Push: 2023-02-15 23:40:14 +0000 UTC
Live-Hack-CVE/CVE-2022-32475
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:07 +0000 UTC Push: 2023-02-15 23:40:10 +0000 UTC
Live-Hack-CVE/CVE-2022-32469
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI run CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:03 +0000 UTC Push: 2023-02-15 23:40:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0840
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the p CVE project by @Sn0wAlice
Create: 2023-02-15 23:39:59 +0000 UTC Push: 2023-02-15 23:40:02 +0000 UTC
Live-Hack-CVE/CVE-2023-23925
Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version CVE project by @Sn0wAlice
Create: 2023-02-15 23:39:54 +0000 UTC Push: 2023-02-15 23:39:57 +0000 UTC
hotpotcookie/CVE-2022-44877-white-box
Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)
Create: 2023-02-15 23:22:48 +0000 UTC Push: 2023-03-09 21:26:36 +0000 UTC
Live-Hack-CVE/CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:34 +0000 UTC Push: 2023-02-15 19:12:37 +0000 UTC
Live-Hack-CVE/CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: S CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:30 +0000 UTC Push: 2023-02-15 19:12:33 +0000 UTC
Live-Hack-CVE/CVE-2022-42735
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/ CVE project by @Sn0wAlice
Create: 2023-02-15 19:12:27 +0000 UTC Push: 2023-02-15 19:12:29 +0000 UTC
j00sean/CVE-2022-44666
Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released in December 2022.
Create: 2023-02-15 18:12:04 +0000 UTC Push: 2023-06-18 18:43:08 +0000 UTC
Live-Hack-CVE/CVE-2021-24487
The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow attackers to make logged-in administrators set a malicious payload in it, CVE project by @Sn0wAlice
Create: 2023-02-15 14:48:28 +0000 UTC Push: 2023-02-15 14:48:30 +0000 UTC