unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0827
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:08 +0000 UTC Push: 2023-02-14 23:16:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0173
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:03 +0000 UTC Push: 2023-02-14 23:16:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0171
The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:59 +0000 UTC Push: 2023-02-14 23:16:02 +0000 UTC
Live-Hack-CVE/CVE-2023-0174
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:55 +0000 UTC Push: 2023-02-14 23:15:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:52 +0000 UTC Push: 2023-02-14 23:15:54 +0000 UTC
Live-Hack-CVE/CVE-2023-0178
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:48 +0000 UTC Push: 2023-02-14 23:15:50 +0000 UTC
Live-Hack-CVE/CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:44 +0000 UTC Push: 2023-02-14 23:15:46 +0000 UTC
Live-Hack-CVE/CVE-2021-32936
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or exe CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:28 +0000 UTC Push: 2023-02-14 22:10:30 +0000 UTC
Live-Hack-CVE/CVE-2021-43391
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:22 +0000 UTC Push: 2023-02-14 22:10:24 +0000 UTC
Live-Hack-CVE/CVE-2021-43336
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an alloc CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:17 +0000 UTC Push: 2023-02-14 22:10:21 +0000 UTC
Live-Hack-CVE/CVE-2023-25065
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:58 +0000 UTC Push: 2023-02-14 22:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-24382
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:54 +0000 UTC Push: 2023-02-14 22:09:56 +0000 UTC
Live-Hack-CVE/CVE-2023-24377
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:50 +0000 UTC Push: 2023-02-14 22:09:53 +0000 UTC
Live-Hack-CVE/CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:46 +0000 UTC Push: 2023-02-14 22:09:49 +0000 UTC
Live-Hack-CVE/CVE-2023-25066
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:15 +0000 UTC Push: 2023-02-14 19:56:18 +0000 UTC
Live-Hack-CVE/CVE-2022-43469
Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:11 +0000 UTC Push: 2023-02-14 19:56:13 +0000 UTC
Live-Hack-CVE/CVE-2012-3287
Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:07 +0000 UTC Push: 2023-02-14 19:56:10 +0000 UTC
Live-Hack-CVE/CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the ven CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:03 +0000 UTC Push: 2023-02-14 19:56:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22375
** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vuln CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:50 +0000 UTC Push: 2023-02-14 14:27:53 +0000 UTC
Live-Hack-CVE/CVE-2023-22370
** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. CVE project by @Sn0wAlice
Create: 2023-02-14 14:27:47 +0000 UTC Push: 2023-02-14 14:27:49 +0000 UTC