Live-Hack-CVE/CVE-2023-0406 Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:45 +0000 UTC Push: 2023-01-20 03:51:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-47745 ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:41 +0000 UTC Push: 2023-01-20 03:51:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-47740 Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:37 +0000 UTC Push: 2023-01-20 03:51:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-47197 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:33 +0000 UTC Push: 2023-01-20 03:51:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-47196 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:29 +0000 UTC Push: 2023-01-20 03:51:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-47195 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:25 +0000 UTC Push: 2023-01-20 03:51:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-47194 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:21 +0000 UTC Push: 2023-01-20 03:51:24 +0000 UTC |

Live-Hack-CVE/CVE-2020-25714 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:17 +0000 UTC Push: 2023-01-20 03:51:20 +0000 UTC |

Live-Hack-CVE/CVE-2020-25679 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:13 +0000 UTC Push: 2023-01-20 03:51:16 +0000 UTC |

Live-Hack-CVE/CVE-2020-1715 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:10 +0000 UTC Push: 2023-01-20 03:51:12 +0000 UTC |

Live-Hack-CVE/CVE-2020-10765 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:06 +0000 UTC Push: 2023-01-20 03:51:08 +0000 UTC |

Live-Hack-CVE/CVE-2020-10764 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:02 +0000 UTC Push: 2023-01-20 03:51:04 +0000 UTC |

Live-Hack-CVE/CVE-2020-10694 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:58 +0000 UTC Push: 2023-01-20 03:51:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-10692 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:54 +0000 UTC Push: 2023-01-20 03:50:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:50 +0000 UTC Push: 2023-01-20 03:50:53 +0000 UTC |

Live-Hack-CVE/CVE-2018-20961 In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:41 +0000 UTC Push: 2023-01-20 01:40:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-15504 drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). CVE project by @Sn0wAlice Create: 2023-01-20 01:40:36 +0000 UTC Push: 2023-01-20 01:40:40 +0000 UTC |

Live-Hack-CVE/CVE-2014-2523 net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error f CVE project by @Sn0wAlice Create: 2023-01-20 01:40:32 +0000 UTC Push: 2023-01-20 01:40:35 +0000 UTC |

Live-Hack-CVE/CVE-2006-7204 The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:24 +0000 UTC Push: 2023-01-20 01:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2017-18017 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:20 +0000 UTC Push: 2023-01-20 01:40:22 +0000 UTC |