Live-Hack-CVE/CVE-2022-34460 Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:29 +0000 UTC Push: 2023-01-18 19:52:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-34456 Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:25 +0000 UTC Push: 2023-01-18 19:52:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-34401 Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:21 +0000 UTC Push: 2023-01-18 19:52:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-34393 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:17 +0000 UTC Push: 2023-01-18 19:52:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-32490 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:12 +0000 UTC Push: 2023-01-18 19:52:15 +0000 UTC |

Live-Hack-CVE/CVE-2010-10007 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01 CVE project by @Sn0wAlice Create: 2023-01-18 19:52:08 +0000 UTC Push: 2023-01-18 19:52:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-34462 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. CVE project by @Sn0wAlice Create: 2023-01-18 19:52:03 +0000 UTC Push: 2023-01-18 19:52:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-34442 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. CVE project by @Sn0wAlice Create: 2023-01-18 19:51:59 +0000 UTC Push: 2023-01-18 19:52:02 +0000 UTC |

Live-Hack-CVE/CVE-2020-36654 A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The nam CVE project by @Sn0wAlice Create: 2023-01-18 19:51:54 +0000 UTC Push: 2023-01-18 19:51:57 +0000 UTC |

Live-Hack-CVE/CVE-2020-36653 A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc412605 CVE project by @Sn0wAlice Create: 2023-01-18 19:51:50 +0000 UTC Push: 2023-01-18 19:51:53 +0000 UTC |

Live-Hack-CVE/CVE-2015-10068 A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It CVE project by @Sn0wAlice Create: 2023-01-18 19:51:46 +0000 UTC Push: 2023-01-18 19:51:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-0122 A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. CVE project by @Sn0wAlice Create: 2023-01-18 19:51:42 +0000 UTC Push: 2023-01-18 19:51:45 +0000 UTC |

jfrog/git-crasher-poc-cve-2022-23521 Create: 2023-01-18 18:27:34 +0000 UTC Push: 2023-01-18 18:27:35 +0000 UTC |

lanqingaa/CVE-2022-46463 Create: 2023-01-18 15:34:58 +0000 UTC Push: 2023-01-18 15:34:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-47911 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands. CVE project by @Sn0wAlice Create: 2023-01-18 14:23:03 +0000 UTC Push: 2023-01-18 14:23:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-47395 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition. CVE project by @Sn0wAlice Create: 2023-01-18 14:22:59 +0000 UTC Push: 2023-01-18 14:23:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-46733 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands. CVE project by @Sn0wAlice Create: 2023-01-18 14:22:55 +0000 UTC Push: 2023-01-18 14:22:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-45444 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. CVE project by @Sn0wAlice Create: 2023-01-18 14:22:50 +0000 UTC Push: 2023-01-18 14:22:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-45127 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition. CVE project by @Sn0wAlice Create: 2023-01-18 14:22:46 +0000 UTC Push: 2023-01-18 14:22:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-43483 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands. CVE project by @Sn0wAlice Create: 2023-01-18 14:22:43 +0000 UTC Push: 2023-01-18 14:22:45 +0000 UTC |