unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-41025
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:30 +0000 UTC Push: 2023-02-03 03:29:32 +0000 UTC
Live-Hack-CVE/CVE-2022-41024
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:26 +0000 UTC Push: 2023-02-03 03:29:29 +0000 UTC
Live-Hack-CVE/CVE-2022-41023
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:22 +0000 UTC Push: 2023-02-03 03:29:24 +0000 UTC
Live-Hack-CVE/CVE-2022-41022
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:18 +0000 UTC Push: 2023-02-03 03:29:21 +0000 UTC
Live-Hack-CVE/CVE-2022-41021
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:13 +0000 UTC Push: 2023-02-03 03:29:15 +0000 UTC
Live-Hack-CVE/CVE-2022-41020
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-03 03:29:09 +0000 UTC Push: 2023-02-03 03:29:12 +0000 UTC
Live-Hack-CVE/CVE-2017-9614
** DISPUTED ** The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code ca CVE project by @Sn0wAlice
Create: 2023-02-03 03:28:59 +0000 UTC Push: 2023-02-03 03:29:02 +0000 UTC
Live-Hack-CVE/CVE-2019-10153
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM i CVE project by @Sn0wAlice
Create: 2023-02-03 03:28:50 +0000 UTC Push: 2023-02-03 03:28:53 +0000 UTC
Live-Hack-CVE/CVE-2022-1289
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. CVE project by @Sn0wAlice
Create: 2023-02-03 03:28:46 +0000 UTC Push: 2023-02-03 03:28:49 +0000 UTC
Live-Hack-CVE/CVE-2023-23128
** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:35 +0000 UTC Push: 2023-02-03 02:23:37 +0000 UTC
Live-Hack-CVE/CVE-2023-23127
** DISPUTED ** In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:31 +0000 UTC Push: 2023-02-03 02:23:33 +0000 UTC
Live-Hack-CVE/CVE-2023-0651
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is t CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:27 +0000 UTC Push: 2023-02-03 02:23:29 +0000 UTC
Live-Hack-CVE/CVE-2023-0650
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:24 +0000 UTC Push: 2023-02-03 02:23:26 +0000 UTC
Live-Hack-CVE/CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:20 +0000 UTC Push: 2023-02-03 02:23:22 +0000 UTC
Live-Hack-CVE/CVE-2018-25078
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:16 +0000 UTC Push: 2023-02-03 02:23:18 +0000 UTC
Live-Hack-CVE/CVE-2023-24494
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:10 +0000 UTC Push: 2023-02-03 02:23:12 +0000 UTC
Live-Hack-CVE/CVE-2023-24493
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:06 +0000 UTC Push: 2023-02-03 02:23:09 +0000 UTC
Live-Hack-CVE/CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. CVE project by @Sn0wAlice
Create: 2023-02-03 02:23:03 +0000 UTC Push: 2023-02-03 02:23:05 +0000 UTC
Live-Hack-CVE/CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:59 +0000 UTC Push: 2023-02-03 02:23:01 +0000 UTC
Live-Hack-CVE/CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. CVE project by @Sn0wAlice
Create: 2023-02-03 02:22:55 +0000 UTC Push: 2023-02-03 02:22:58 +0000 UTC