Live-Hack-CVE/CVE-2023-0290 Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only requir CVE project by @Sn0wAlice Create: 2023-01-19 07:57:48 +0000 UTC Push: 2023-01-19 07:57:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-0164 OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:44 +0000 UTC Push: 2023-01-19 07:57:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-4235 RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:39 +0000 UTC Push: 2023-01-19 07:57:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-45927 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:36 +0000 UTC Push: 2023-01-19 07:57:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-45923 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:32 +0000 UTC Push: 2023-01-19 07:57:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-21606 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice Create: 2023-01-19 05:45:07 +0000 UTC Push: 2023-01-19 05:45:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-21605 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a CVE project by @Sn0wAlice Create: 2023-01-19 05:45:02 +0000 UTC Push: 2023-01-19 05:45:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-0040 Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header fi CVE project by @Sn0wAlice Create: 2023-01-19 05:44:58 +0000 UTC Push: 2023-01-19 05:45:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:53 +0000 UTC Push: 2023-01-19 05:44:55 +0000 UTC |

Live-Hack-CVE/CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:49 +0000 UTC Push: 2023-01-19 05:44:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:44 +0000 UTC Push: 2023-01-19 05:44:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:40 +0000 UTC Push: 2023-01-19 05:44:43 +0000 UTC |

Live-Hack-CVE/CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:36 +0000 UTC Push: 2023-01-19 05:44:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:32 +0000 UTC Push: 2023-01-19 05:44:35 +0000 UTC |

Live-Hack-CVE/CVE-2021-46779 Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:26 +0000 UTC Push: 2023-01-19 05:44:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-48252 The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:22 +0000 UTC Push: 2023-01-19 05:44:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 03:35:14 +0000 UTC Push: 2023-01-19 03:35:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-42271 NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution CVE project by @Sn0wAlice Create: 2023-01-19 03:35:10 +0000 UTC Push: 2023-01-19 03:35:13 +0000 UTC |

Live-Hack-CVE/CVE-2015-10037 A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulne CVE project by @Sn0wAlice Create: 2023-01-19 03:35:05 +0000 UTC Push: 2023-01-19 03:35:09 +0000 UTC |

Live-Hack-CVE/CVE-2015-10036 A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associate CVE project by @Sn0wAlice Create: 2023-01-19 03:35:01 +0000 UTC Push: 2023-01-19 03:35:03 +0000 UTC |