unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2019-15016
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:05 +0000 UTC Push: 2023-02-04 09:28:07 +0000 UTC
Live-Hack-CVE/CVE-2019-15017
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:02 +0000 UTC Push: 2023-02-04 09:28:04 +0000 UTC
Live-Hack-CVE/CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:33 +0000 UTC Push: 2023-02-04 08:21:35 +0000 UTC
Live-Hack-CVE/CVE-2019-16968
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:29 +0000 UTC Push: 2023-02-04 08:21:31 +0000 UTC
Live-Hack-CVE/CVE-2019-16965
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:26 +0000 UTC Push: 2023-02-04 08:21:28 +0000 UTC
Live-Hack-CVE/CVE-2019-17671
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:22 +0000 UTC Push: 2023-02-04 08:21:25 +0000 UTC
Live-Hack-CVE/CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:18 +0000 UTC Push: 2023-02-04 08:21:20 +0000 UTC
Live-Hack-CVE/CVE-2019-17675
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:14 +0000 UTC Push: 2023-02-04 08:21:17 +0000 UTC
Live-Hack-CVE/CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:11 +0000 UTC Push: 2023-02-04 08:21:13 +0000 UTC
Live-Hack-CVE/CVE-2019-2924
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:05 +0000 UTC Push: 2023-02-04 08:21:07 +0000 UTC
Live-Hack-CVE/CVE-2019-2920
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:01 +0000 UTC Push: 2023-02-04 08:21:03 +0000 UTC
Live-Hack-CVE/CVE-2019-2922
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:57 +0000 UTC Push: 2023-02-04 08:21:00 +0000 UTC
Live-Hack-CVE/CVE-2019-2923
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:54 +0000 UTC Push: 2023-02-04 08:20:56 +0000 UTC
Live-Hack-CVE/CVE-2019-16095
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:51 +0000 UTC Push: 2023-02-04 08:20:53 +0000 UTC
Live-Hack-CVE/CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:47 +0000 UTC Push: 2023-02-04 08:20:50 +0000 UTC
Live-Hack-CVE/CVE-2019-16093
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:44 +0000 UTC Push: 2023-02-04 08:20:46 +0000 UTC
Live-Hack-CVE/CVE-2019-16092
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:41 +0000 UTC Push: 2023-02-04 08:20:43 +0000 UTC
Live-Hack-CVE/CVE-2019-16091
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:37 +0000 UTC Push: 2023-02-04 08:20:39 +0000 UTC
Live-Hack-CVE/CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embedda CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:33 +0000 UTC Push: 2023-02-04 08:20:35 +0000 UTC
Live-Hack-CVE/CVE-2023-23082
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:30 +0000 UTC Push: 2023-02-04 08:20:32 +0000 UTC