Live-Hack-CVE/CVE-2023-0434
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. CVE project by @Sn0wAlice
Create: 2023-01-22 14:13:04 +0000 UTC Push: 2023-01-22 14:13:06 +0000 UTC
Live-Hack-CVE/CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. CVE project by @Sn0wAlice
Create: 2023-01-22 14:13:00 +0000 UTC Push: 2023-01-22 14:13:03 +0000 UTC
Live-Hack-CVE/CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-22 14:12:56 +0000 UTC Push: 2023-01-22 14:12:58 +0000 UTC
Live-Hack-CVE/CVE-2023-23456
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. CVE project by @Sn0wAlice
Create: 2023-01-22 14:12:53 +0000 UTC Push: 2023-01-22 14:12:55 +0000 UTC
Live-Hack-CVE/CVE-2023-24056
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. CVE project by @Sn0wAlice
Create: 2023-01-22 14:12:48 +0000 UTC Push: 2023-01-22 14:12:50 +0000 UTC
Live-Hack-CVE/CVE-2023-24055
** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that l CVE project by @Sn0wAlice
Create: 2023-01-22 14:12:45 +0000 UTC Push: 2023-01-22 14:12:47 +0000 UTC
Live-Hack-CVE/CVE-2023-22617
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1. CVE project by @Sn0wAlice
Create: 2023-01-22 05:26:32 +0000 UTC Push: 2023-01-22 05:26:34 +0000 UTC
Live-Hack-CVE/CVE-2023-0433
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. CVE project by @Sn0wAlice
Create: 2023-01-22 02:10:26 +0000 UTC Push: 2023-01-22 02:10:28 +0000 UTC
Live-Hack-CVE/CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. CVE project by @Sn0wAlice
Create: 2023-01-21 23:56:15 +0000 UTC Push: 2023-01-21 23:56:17 +0000 UTC
tin-z/CVE-2021-20294-POC
Create: 2023-01-21 23:28:53 +0000 UTC Push: 2023-01-21 23:28:53 +0000 UTC
n3m1dotsys/CVE-2023-22809-sudoedit-privesc
A script to automate privilege escalation with CVE-2023-22809 vulnerability
Create: 2023-01-21 23:19:23 +0000 UTC Push: 2023-01-21 23:19:23 +0000 UTC
0xless/CVE-2022-44900-demo-lab
Demo webapp vulnerable to CVE-2022-44900
Create: 2023-01-21 22:52:59 +0000 UTC Push: 2023-01-21 22:52:59 +0000 UTC
Marsel-marsel/CVE-2022-45770
LPE exploit via windows driver
Create: 2023-01-21 18:32:02 +0000 UTC Push: 2023-01-21 18:32:03 +0000 UTC
Live-Hack-CVE/CVE-2023-24038
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. CVE project by @Sn0wAlice
Create: 2023-01-21 15:10:05 +0000 UTC Push: 2023-01-21 15:10:08 +0000 UTC
Live-Hack-CVE/CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. CVE project by @Sn0wAlice
Create: 2023-01-21 15:10:01 +0000 UTC Push: 2023-01-21 15:10:04 +0000 UTC
Live-Hack-CVE/CVE-2023-24042
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:58 +0000 UTC Push: 2023-01-21 15:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-24040
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows th CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:55 +0000 UTC Push: 2023-01-21 15:09:57 +0000 UTC
Live-Hack-CVE/CVE-2023-24039
** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:51 +0000 UTC Push: 2023-01-21 15:09:53 +0000 UTC
Live-Hack-CVE/CVE-2021-43138
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. CVE project by @Sn0wAlice
Create: 2023-01-21 15:09:48 +0000 UTC Push: 2023-01-21 15:09:50 +0000 UTC
Live-Hack-CVE/CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if CVE project by @Sn0wAlice
Create: 2023-01-21 09:37:12 +0000 UTC Push: 2023-01-21 09:37:14 +0000 UTC