Live-Hack-CVE/CVE-2017-17806 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel CVE project by @Sn0wAlice Create: 2023-01-20 01:40:16 +0000 UTC Push: 2023-01-20 01:40:19 +0000 UTC |

Live-Hack-CVE/CVE-2017-17853 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:12 +0000 UTC Push: 2023-01-20 01:40:15 +0000 UTC |

Live-Hack-CVE/CVE-2015-8787 The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a relate CVE project by @Sn0wAlice Create: 2023-01-20 01:40:08 +0000 UTC Push: 2023-01-20 01:40:10 +0000 UTC |

Live-Hack-CVE/CVE-2010-3709 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:03 +0000 UTC Push: 2023-01-20 01:40:05 +0000 UTC |

Live-Hack-CVE/CVE-2012-4388 The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betw CVE project by @Sn0wAlice Create: 2023-01-20 01:39:59 +0000 UTC Push: 2023-01-20 01:40:01 +0000 UTC |

Live-Hack-CVE/CVE-2014-3981 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:55 +0000 UTC Push: 2023-01-20 01:39:57 +0000 UTC |

Live-Hack-CVE/CVE-2014-3538 file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-20 CVE project by @Sn0wAlice Create: 2023-01-20 01:39:50 +0000 UTC Push: 2023-01-20 01:39:53 +0000 UTC |

Live-Hack-CVE/CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:46 +0000 UTC Push: 2023-01-20 01:39:49 +0000 UTC |

Live-Hack-CVE/CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:42 +0000 UTC Push: 2023-01-20 01:39:45 +0000 UTC |

Live-Hack-CVE/CVE-2015-2326 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE project by @Sn0wAlice Create: 2023-01-20 01:39:38 +0000 UTC Push: 2023-01-20 01:39:41 +0000 UTC |

Live-Hack-CVE/CVE-2010-2531 The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:34 +0000 UTC Push: 2023-01-20 01:39:37 +0000 UTC |

Live-Hack-CVE/CVE-2011-1471 Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:30 +0000 UTC Push: 2023-01-20 01:39:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-47105 Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:24 +0000 UTC Push: 2023-01-20 01:39:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0404 The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functi CVE project by @Sn0wAlice Create: 2023-01-20 01:39:20 +0000 UTC Push: 2023-01-20 01:39:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0403 The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, CVE project by @Sn0wAlice Create: 2023-01-20 01:39:15 +0000 UTC Push: 2023-01-20 01:39:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-0402 The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset netw CVE project by @Sn0wAlice Create: 2023-01-20 01:39:11 +0000 UTC Push: 2023-01-20 01:39:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-36649 A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77 CVE project by @Sn0wAlice Create: 2023-01-20 00:30:27 +0000 UTC Push: 2023-01-20 00:30:30 +0000 UTC |

Live-Hack-CVE/CVE-2018-25074 A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recomm CVE project by @Sn0wAlice Create: 2023-01-20 00:30:22 +0000 UTC Push: 2023-01-20 00:30:26 +0000 UTC |

Live-Hack-CVE/CVE-2017-20168 A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix CVE project by @Sn0wAlice Create: 2023-01-20 00:30:18 +0000 UTC Push: 2023-01-20 00:30:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-37774 An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-20 00:30:01 +0000 UTC Push: 2023-01-20 00:30:04 +0000 UTC |