Live-Hack-CVE/CVE-2023-22734
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed wi CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:46 +0000 UTC Push: 2023-01-18 07:39:48 +0000 UTC
Live-Hack-CVE/CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:42 +0000 UTC Push: 2023-01-18 07:39:44 +0000 UTC
Live-Hack-CVE/CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been adde CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:37 +0000 UTC Push: 2023-01-18 07:39:40 +0000 UTC
Live-Hack-CVE/CVE-2023-22731
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:33 +0000 UTC Push: 2023-01-18 07:39:36 +0000 UTC
Live-Hack-CVE/CVE-2023-22730
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions it was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:29 +0000 UTC Push: 2023-01-18 07:39:32 +0000 UTC
Live-Hack-CVE/CVE-2022-41953
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things runn CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:24 +0000 UTC Push: 2023-01-18 07:39:27 +0000 UTC
Live-Hack-CVE/CVE-2021-32837
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. CVE project by @Sn0wAlice
Create: 2023-01-18 07:39:20 +0000 UTC Push: 2023-01-18 07:39:23 +0000 UTC
horizon3ai/CVE-2022-47966
POC for CVE-2022-47966 affecting multiple ManageEngine products
Create: 2023-01-18 05:26:28 +0000 UTC Push: 2023-01-19 21:10:07 +0000 UTC
Live-Hack-CVE/CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:19 +0000 UTC Push: 2023-01-18 05:26:22 +0000 UTC
Live-Hack-CVE/CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:15 +0000 UTC Push: 2023-01-18 05:26:18 +0000 UTC
Live-Hack-CVE/CVE-2023-22624
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:10 +0000 UTC Push: 2023-01-18 05:26:14 +0000 UTC
Live-Hack-CVE/CVE-2022-4891
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to ve CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:06 +0000 UTC Push: 2023-01-18 05:26:09 +0000 UTC
Live-Hack-CVE/CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. CVE project by @Sn0wAlice
Create: 2023-01-18 05:26:01 +0000 UTC Push: 2023-01-18 05:26:05 +0000 UTC
Live-Hack-CVE/CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:57 +0000 UTC Push: 2023-01-18 05:25:59 +0000 UTC
Live-Hack-CVE/CVE-2023-21680
Windows Win32k Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:53 +0000 UTC Push: 2023-01-18 05:25:56 +0000 UTC
Live-Hack-CVE/CVE-2023-21681
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:48 +0000 UTC Push: 2023-01-18 05:25:51 +0000 UTC
Live-Hack-CVE/CVE-2022-0614
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:43 +0000 UTC Push: 2023-01-18 05:25:47 +0000 UTC
Live-Hack-CVE/CVE-2022-1201
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:39 +0000 UTC Push: 2023-01-18 05:25:42 +0000 UTC
Live-Hack-CVE/CVE-2022-1427
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. CVE project by @Sn0wAlice
Create: 2023-01-18 05:25:34 +0000 UTC Push: 2023-01-18 05:25:38 +0000 UTC
bryanster/ioc-cve-2022-42475
Create: 2023-01-18 04:11:04 +0000 UTC Push: 2023-01-18 04:11:06 +0000 UTC