Live-Hack-CVE/CVE-2017-16334 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice Create: 2023-01-20 23:42:51 +0000 UTC Push: 2023-01-20 23:42:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-0742 Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. CVE project by @Sn0wAlice Create: 2023-01-20 23:42:46 +0000 UTC Push: 2023-01-20 23:42:49 +0000 UTC |

Live-Hack-CVE/CVE-2012-6689 The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. CVE project by @Sn0wAlice Create: 2023-01-20 23:42:41 +0000 UTC Push: 2023-01-20 23:42:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-18813 A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. CVE project by @Sn0wAlice Create: 2023-01-20 23:42:38 +0000 UTC Push: 2023-01-20 23:42:40 +0000 UTC |

Live-Hack-CVE/CVE-2017-16335 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice Create: 2023-01-20 23:42:34 +0000 UTC Push: 2023-01-20 23:42:36 +0000 UTC |

Live-Hack-CVE/CVE-2017-7615 MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. CVE project by @Sn0wAlice Create: 2023-01-20 23:42:23 +0000 UTC Push: 2023-01-20 23:42:26 +0000 UTC |

Live-Hack-CVE/CVE-2021-37500 Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. CVE project by @Sn0wAlice Create: 2023-01-20 21:31:06 +0000 UTC Push: 2023-01-20 21:31:09 +0000 UTC |

Live-Hack-CVE/CVE-2021-37499 CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. CVE project by @Sn0wAlice Create: 2023-01-20 21:31:02 +0000 UTC Push: 2023-01-20 21:31:04 +0000 UTC |

Live-Hack-CVE/CVE-2021-37498 An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. CVE project by @Sn0wAlice Create: 2023-01-20 21:30:58 +0000 UTC Push: 2023-01-20 21:31:00 +0000 UTC |

rahulpatwari/CVE-2023-23163 Create: 2023-01-20 19:32:19 +0000 UTC Push: 2023-01-20 19:32:20 +0000 UTC |

rahulpatwari/-CVE-2023-23162 Create: 2023-01-20 19:29:54 +0000 UTC Push: 2023-01-20 19:30:35 +0000 UTC |

rahulpatwari/CVE-2023-23162 Create: 2023-01-20 19:29:54 +0000 UTC Push: 2023-01-20 19:30:35 +0000 UTC |

rahulpatwari/CVE-2023-23161 Create: 2023-01-20 19:28:30 +0000 UTC Push: 2023-01-20 19:29:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-4616 The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. CVE project by @Sn0wAlice Create: 2023-01-20 19:18:46 +0000 UTC Push: 2023-01-20 19:18:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-39186 EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions CVE project by @Sn0wAlice Create: 2023-01-20 19:18:42 +0000 UTC Push: 2023-01-20 19:18:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-3592 A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the ' CVE project by @Sn0wAlice Create: 2023-01-20 19:18:35 +0000 UTC Push: 2023-01-20 19:18:38 +0000 UTC |

Live-Hack-CVE/CVE-2023-0227 Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. CVE project by @Sn0wAlice Create: 2023-01-20 19:18:31 +0000 UTC Push: 2023-01-20 19:18:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-3437 A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small p CVE project by @Sn0wAlice Create: 2023-01-20 19:18:27 +0000 UTC Push: 2023-01-20 19:18:30 +0000 UTC |

Live-Hack-CVE/CVE-2023-23691 Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS. CVE project by @Sn0wAlice Create: 2023-01-20 19:18:23 +0000 UTC Push: 2023-01-20 19:18:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-23596 jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to ex CVE project by @Sn0wAlice Create: 2023-01-20 19:18:19 +0000 UTC Push: 2023-01-20 19:18:21 +0000 UTC |