Github CVE
Live-Hack-CVE/CVE-2023-25718
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provi CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:28 +0000 UTC Push: 2023-02-14 05:27:30 +0000 UTC |
Live-Hack-CVE/CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:24 +0000 UTC Push: 2023-02-14 05:27:27 +0000 UTC |
Live-Hack-CVE/CVE-2023-24188
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:20 +0000 UTC Push: 2023-02-14 05:27:22 +0000 UTC |
Live-Hack-CVE/CVE-2022-48110
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:16 +0000 UTC Push: 2023-02-14 05:27:19 +0000 UTC |
Live-Hack-CVE/CVE-2022-45285
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:12 +0000 UTC Push: 2023-02-14 05:27:15 +0000 UTC |
Live-Hack-CVE/CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10 CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:09 +0000 UTC Push: 2023-02-14 05:27:11 +0000 UTC |
Live-Hack-CVE/CVE-2023-25159
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:24 +0000 UTC Push: 2023-02-14 03:17:26 +0000 UTC |
Live-Hack-CVE/CVE-2023-24804
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary f CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:19 +0000 UTC Push: 2023-02-14 03:17:22 +0000 UTC |
Live-Hack-CVE/CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3 CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:16 +0000 UTC Push: 2023-02-14 03:17:18 +0000 UTC |
Live-Hack-CVE/CVE-2023-0810
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:12 +0000 UTC Push: 2023-02-14 03:17:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-48077
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:08 +0000 UTC Push: 2023-02-14 03:17:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-41134
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:04 +0000 UTC Push: 2023-02-14 03:17:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-3089
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) serv CVE project by @Sn0wAlice
Create: 2023-02-14 03:17:00 +0000 UTC Push: 2023-02-14 03:17:03 +0000 UTC |
Live-Hack-CVE/CVE-2021-37375
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be recei CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:53 +0000 UTC Push: 2023-02-14 03:16:56 +0000 UTC |
Live-Hack-CVE/CVE-2021-37379
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:48 +0000 UTC Push: 2023-02-14 03:16:50 +0000 UTC |
Live-Hack-CVE/CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:43 +0000 UTC Push: 2023-02-14 03:16:46 +0000 UTC |
Live-Hack-CVE/CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:40 +0000 UTC Push: 2023-02-14 03:16:42 +0000 UTC |
Live-Hack-CVE/CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:36 +0000 UTC Push: 2023-02-14 03:16:38 +0000 UTC |
Live-Hack-CVE/CVE-2021-37376
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not b CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:32 +0000 UTC Push: 2023-02-14 03:16:34 +0000 UTC |
Live-Hack-CVE/CVE-2021-37377
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmw CVE project by @Sn0wAlice
Create: 2023-02-14 03:16:28 +0000 UTC Push: 2023-02-14 03:16:30 +0000 UTC |