unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-45926
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:35 +0000 UTC Push: 2023-01-19 10:09:38 +0000 UTC
Live-Hack-CVE/CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an informati CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:31 +0000 UTC Push: 2023-01-19 10:09:33 +0000 UTC
Live-Hack-CVE/CVE-2022-45924
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem. CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:27 +0000 UTC Push: 2023-01-19 10:09:29 +0000 UTC
Live-Hack-CVE/CVE-2022-45922
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password. CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:23 +0000 UTC Push: 2023-01-19 10:09:26 +0000 UTC
Live-Hack-CVE/CVE-2021-43113
iTextPDF in iText 7 and up to 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:17 +0000 UTC Push: 2023-01-19 10:09:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:12 +0000 UTC Push: 2023-01-19 10:09:15 +0000 UTC
Live-Hack-CVE/CVE-2022-3085
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:08 +0000 UTC Push: 2023-01-19 10:09:11 +0000 UTC
Live-Hack-CVE/CVE-2017-16274
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-19 10:09:03 +0000 UTC Push: 2023-01-19 10:09:06 +0000 UTC
Live-Hack-CVE/CVE-2010-10009
A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulner CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:41 +0000 UTC Push: 2023-01-19 07:58:43 +0000 UTC
Live-Hack-CVE/CVE-2023-21776
Windows Kernel Information Disclosure Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:37 +0000 UTC Push: 2023-01-19 07:58:40 +0000 UTC
Live-Hack-CVE/CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:33 +0000 UTC Push: 2023-01-19 07:58:36 +0000 UTC
Live-Hack-CVE/CVE-2018-6557
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:26 +0000 UTC Push: 2023-01-19 07:58:28 +0000 UTC
Live-Hack-CVE/CVE-2021-26409
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:21 +0000 UTC Push: 2023-01-19 07:58:24 +0000 UTC
Live-Hack-CVE/CVE-2023-21774
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:15 +0000 UTC Push: 2023-01-19 07:58:18 +0000 UTC
Live-Hack-CVE/CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:11 +0000 UTC Push: 2023-01-19 07:58:14 +0000 UTC
Live-Hack-CVE/CVE-2022-43389
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:07 +0000 UTC Push: 2023-01-19 07:58:10 +0000 UTC
Live-Hack-CVE/CVE-2021-26407
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-19 07:58:03 +0000 UTC Push: 2023-01-19 07:58:05 +0000 UTC
Live-Hack-CVE/CVE-2021-26404
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-19 07:57:59 +0000 UTC Push: 2023-01-19 07:58:01 +0000 UTC
Live-Hack-CVE/CVE-2023-21739
Windows Bluetooth Driver Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-19 07:57:56 +0000 UTC Push: 2023-01-19 07:57:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only requir CVE project by @Sn0wAlice
Create: 2023-01-19 07:57:48 +0000 UTC Push: 2023-01-19 07:57:50 +0000 UTC