unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2017-16328
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:26 +0000 UTC Push: 2023-01-21 01:55:28 +0000 UTC |
Live-Hack-CVE/CVE-2019-20043
In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:22 +0000 UTC Push: 2023-01-21 01:55:25 +0000 UTC |
Live-Hack-CVE/CVE-2019-9892
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OT CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:19 +0000 UTC Push: 2023-01-21 01:55:21 +0000 UTC |
Live-Hack-CVE/CVE-2019-12497
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:15 +0000 UTC Push: 2023-01-21 01:55:17 +0000 UTC |
Live-Hack-CVE/CVE-2019-12248
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:10 +0000 UTC Push: 2023-01-21 01:55:13 +0000 UTC |
Live-Hack-CVE/CVE-2019-14496
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:07 +0000 UTC Push: 2023-01-21 01:55:09 +0000 UTC |
Live-Hack-CVE/CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:02 +0000 UTC Push: 2023-01-21 01:55:05 +0000 UTC |
Live-Hack-CVE/CVE-2019-20051
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:58 +0000 UTC Push: 2023-01-21 01:55:00 +0000 UTC |
Live-Hack-CVE/CVE-2019-14497
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:54 +0000 UTC Push: 2023-01-21 01:54:56 +0000 UTC |
Live-Hack-CVE/CVE-2019-12746
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can then be potentially a CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:50 +0000 UTC Push: 2023-01-21 01:54:53 +0000 UTC |
Live-Hack-CVE/CVE-2019-13458
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passw CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:46 +0000 UTC Push: 2023-01-21 01:54:49 +0000 UTC |
Live-Hack-CVE/CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:41 +0000 UTC Push: 2023-01-21 01:54:44 +0000 UTC |
Live-Hack-CVE/CVE-2019-13361
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:37 +0000 UTC Push: 2023-01-21 01:54:40 +0000 UTC |
Live-Hack-CVE/CVE-2019-15715
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:33 +0000 UTC Push: 2023-01-21 01:54:36 +0000 UTC |
Live-Hack-CVE/CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:28 +0000 UTC Push: 2023-01-21 01:54:31 +0000 UTC |
Live-Hack-CVE/CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:24 +0000 UTC Push: 2023-01-21 01:54:27 +0000 UTC |
Live-Hack-CVE/CVE-2019-12416
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. CVE project by @Sn0wAlice
Create: 2023-01-21 01:54:20 +0000 UTC Push: 2023-01-21 01:54:23 +0000 UTC |
grimlockx/CVE-2019-9978-2
Create: 2023-01-21 00:29:18 +0000 UTC Push: 2023-01-21 00:29:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-20967
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application CVE project by @Sn0wAlice
Create: 2023-01-20 23:43:08 +0000 UTC Push: 2023-01-20 23:43:11 +0000 UTC |
Live-Hack-CVE/CVE-2017-16332
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-20 23:42:59 +0000 UTC Push: 2023-01-20 23:43:02 +0000 UTC |