unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2015-10013
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1. CVE project by @Sn0wAlice
Create: 2023-01-05 19:31:34 +0000 UTC Push: 2023-01-05 19:31:37 +0000 UTC
Live-Hack-CVE/CVE-2022-45434
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the des CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:58 +0000 UTC Push: 2023-01-05 15:13:00 +0000 UTC
Live-Hack-CVE/CVE-2022-45425
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:53 +0000 UTC Push: 2023-01-05 15:12:56 +0000 UTC
Live-Hack-CVE/CVE-2022-45430
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:49 +0000 UTC Push: 2023-01-05 15:12:52 +0000 UTC
Live-Hack-CVE/CVE-2022-45432
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:45 +0000 UTC Push: 2023-01-05 15:12:48 +0000 UTC
Live-Hack-CVE/CVE-2022-45431
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:41 +0000 UTC Push: 2023-01-05 15:12:43 +0000 UTC
Live-Hack-CVE/CVE-2022-45427
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:37 +0000 UTC Push: 2023-01-05 15:12:39 +0000 UTC
Live-Hack-CVE/CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:33 +0000 UTC Push: 2023-01-05 15:12:36 +0000 UTC
Live-Hack-CVE/CVE-2022-45424
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:29 +0000 UTC Push: 2023-01-05 15:12:30 +0000 UTC
Live-Hack-CVE/CVE-2022-45433
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:24 +0000 UTC Push: 2023-01-05 15:12:27 +0000 UTC
Live-Hack-CVE/CVE-2022-45429
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:20 +0000 UTC Push: 2023-01-05 15:12:23 +0000 UTC
Live-Hack-CVE/CVE-2022-2583
A race condition can cause incorrect HTTP request routing. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:15 +0000 UTC Push: 2023-01-05 15:12:18 +0000 UTC
Live-Hack-CVE/CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:11 +0000 UTC Push: 2023-01-05 15:12:14 +0000 UTC
Live-Hack-CVE/CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:07 +0000 UTC Push: 2023-01-05 15:12:10 +0000 UTC
Live-Hack-CVE/CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5 CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:02 +0000 UTC Push: 2023-01-05 15:12:05 +0000 UTC
Live-Hack-CVE/CVE-2022-44137
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:57 +0000 UTC Push: 2023-01-05 15:12:00 +0000 UTC
Live-Hack-CVE/CVE-2022-45423
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:51 +0000 UTC Push: 2023-01-05 15:11:55 +0000 UTC
Live-Hack-CVE/CVE-2022-45778
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error i CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:47 +0000 UTC Push: 2023-01-05 15:11:50 +0000 UTC
Live-Hack-CVE/CVE-2021-4236
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:42 +0000 UTC Push: 2023-01-05 15:11:46 +0000 UTC
Live-Hack-CVE/CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdI CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:33 +0000 UTC Push: 2023-01-05 15:11:36 +0000 UTC