Live-Hack-CVE/CVE-2021-24388 In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cr CVE project by @Sn0wAlice Create: 2023-02-15 14:48:24 +0000 UTC Push: 2023-02-15 14:48:26 +0000 UTC |

Live-Hack-CVE/CVE-2019-19774 An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, CVE project by @Sn0wAlice Create: 2023-02-15 14:48:20 +0000 UTC Push: 2023-02-15 14:48:22 +0000 UTC |

Live-Hack-CVE/CVE-2019-11281 Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authentic CVE project by @Sn0wAlice Create: 2023-02-15 14:48:16 +0000 UTC Push: 2023-02-15 14:48:19 +0000 UTC |

Live-Hack-CVE/CVE-2019-15018 A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:13 +0000 UTC Push: 2023-02-15 14:48:15 +0000 UTC |

Live-Hack-CVE/CVE-2019-15020 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:08 +0000 UTC Push: 2023-02-15 14:48:10 +0000 UTC |

Live-Hack-CVE/CVE-2019-15019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:04 +0000 UTC Push: 2023-02-15 14:48:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-15023 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. CVE project by @Sn0wAlice Create: 2023-02-15 14:48:01 +0000 UTC Push: 2023-02-15 14:48:03 +0000 UTC |

Live-Hack-CVE/CVE-2019-15022 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:57 +0000 UTC Push: 2023-02-15 14:47:59 +0000 UTC |

Live-Hack-CVE/CVE-2019-1584 A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:53 +0000 UTC Push: 2023-02-15 14:47:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-20949 In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323 CVE project by @Sn0wAlice Create: 2023-02-15 14:47:48 +0000 UTC Push: 2023-02-15 14:47:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-20927 In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-24 CVE project by @Sn0wAlice Create: 2023-02-15 14:47:44 +0000 UTC Push: 2023-02-15 14:47:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-32953 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI r CVE project by @Sn0wAlice Create: 2023-02-15 14:47:41 +0000 UTC Push: 2023-02-15 14:47:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-32476 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI CVE project by @Sn0wAlice Create: 2023-02-15 14:47:37 +0000 UTC Push: 2023-02-15 14:47:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-32473 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACP CVE project by @Sn0wAlice Create: 2023-02-15 14:47:34 +0000 UTC Push: 2023-02-15 14:47:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-32470 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for t CVE project by @Sn0wAlice Create: 2023-02-15 14:47:30 +0000 UTC Push: 2023-02-15 14:47:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-25011 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:27 +0000 UTC Push: 2023-02-15 14:47:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:23 +0000 UTC Push: 2023-02-15 14:47:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-47372 Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:19 +0000 UTC Push: 2023-02-15 14:47:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-45437 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction an CVE project by @Sn0wAlice Create: 2023-02-15 14:47:16 +0000 UTC Push: 2023-02-15 14:47:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-45436 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit netwo CVE project by @Sn0wAlice Create: 2023-02-15 14:47:12 +0000 UTC Push: 2023-02-15 14:47:14 +0000 UTC |