unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-11081
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:18 +0000 UTC Push: 2023-01-21 06:18:20 +0000 UTC
Live-Hack-CVE/CVE-2020-15890
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:14 +0000 UTC Push: 2023-01-21 06:18:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0246
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VD CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:11 +0000 UTC Push: 2023-01-21 06:18:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0245
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploi CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:07 +0000 UTC Push: 2023-01-21 06:18:09 +0000 UTC
Live-Hack-CVE/CVE-2019-20096
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:03 +0000 UTC Push: 2023-01-21 06:18:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0244
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:59 +0000 UTC Push: 2023-01-21 06:18:02 +0000 UTC
Live-Hack-CVE/CVE-2019-20141
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:54 +0000 UTC Push: 2023-01-21 06:17:57 +0000 UTC
Live-Hack-CVE/CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:50 +0000 UTC Push: 2023-01-21 06:17:53 +0000 UTC
Live-Hack-CVE/CVE-2019-20176
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:47 +0000 UTC Push: 2023-01-21 06:17:49 +0000 UTC
Live-Hack-CVE/CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:43 +0000 UTC Push: 2023-01-21 06:17:46 +0000 UTC
Live-Hack-CVE/CVE-2020-15860
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:39 +0000 UTC Push: 2023-01-21 06:17:42 +0000 UTC
Live-Hack-CVE/CVE-2019-20204
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:36 +0000 UTC Push: 2023-01-21 06:17:38 +0000 UTC
Live-Hack-CVE/CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:32 +0000 UTC Push: 2023-01-21 06:17:34 +0000 UTC
Live-Hack-CVE/CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:28 +0000 UTC Push: 2023-01-21 06:17:30 +0000 UTC
Live-Hack-CVE/CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:24 +0000 UTC Push: 2023-01-21 06:17:26 +0000 UTC
Live-Hack-CVE/CVE-2019-20208
dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-01-21 06:17:19 +0000 UTC Push: 2023-01-21 06:17:22 +0000 UTC
Live-Hack-CVE/CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guara CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:38 +0000 UTC Push: 2023-01-21 04:04:40 +0000 UTC
Live-Hack-CVE/CVE-2020-1106
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:33 +0000 UTC Push: 2023-01-21 04:04:36 +0000 UTC
Live-Hack-CVE/CVE-2023-23489
The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:29 +0000 UTC Push: 2023-01-21 04:04:32 +0000 UTC
Live-Hack-CVE/CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:25 +0000 UTC Push: 2023-01-21 04:04:27 +0000 UTC