Live-Hack-CVE/CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. CVE project by @Sn0wAlice Create: 2022-12-30 11:59:01 +0000 UTC Push: 2022-12-30 11:59:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-21208 The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sendi CVE project by @Sn0wAlice Create: 2022-12-30 11:17:22 +0000 UTC Push: 2022-12-30 11:17:24 +0000 UTC |

Nexolanta/log4j2_CVE-2021-44228 Create: 2022-12-30 10:46:33 +0000 UTC Push: 2022-12-30 10:46:48 +0000 UTC |

Nexolanta/log4j2-CVE-2021-44228- Create: 2022-12-30 10:41:47 +0000 UTC Push: 2022-12-30 10:44:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-36715 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. CVE project by @Sn0wAlice Create: 2022-12-30 10:35:22 +0000 UTC Push: 2022-12-30 10:35:24 +0000 UTC |

Live-Hack-CVE/CVE-2004-0686 Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. CVE project by @Sn0wAlice Create: 2022-12-30 09:53:39 +0000 UTC Push: 2022-12-30 09:53:41 +0000 UTC |

Live-Hack-CVE/CVE-2021-23173 The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. CVE project by @Sn0wAlice Create: 2022-12-30 09:12:01 +0000 UTC Push: 2022-12-30 09:12:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-36748 PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. CVE project by @Sn0wAlice Create: 2022-12-30 08:30:22 +0000 UTC Push: 2022-12-30 08:30:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-23675 A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. CVE project by @Sn0wAlice Create: 2022-12-30 07:48:43 +0000 UTC Push: 2022-12-30 07:48:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-2895 Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. CVE project by @Sn0wAlice Create: 2022-12-30 07:06:39 +0000 UTC Push: 2022-12-30 07:06:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-2003 AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06 CVE project by @Sn0wAlice Create: 2022-12-30 06:24:55 +0000 UTC Push: 2022-12-30 06:24:57 +0000 UTC |

Live-Hack-CVE/CVE-2015-4866 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE project by @Sn0wAlice Create: 2022-12-30 05:43:18 +0000 UTC Push: 2022-12-30 05:43:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-46378 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. CVE project by @Sn0wAlice Create: 2022-12-30 05:01:10 +0000 UTC Push: 2022-12-30 05:01:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). CVE project by @Sn0wAlice Create: 2022-12-30 04:19:48 +0000 UTC Push: 2022-12-30 04:19:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-38274 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. CVE project by @Sn0wAlice Create: 2022-12-30 03:37:55 +0000 UTC Push: 2022-12-30 03:37:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-37796 In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). CVE project by @Sn0wAlice Create: 2022-12-30 02:56:04 +0000 UTC Push: 2022-12-30 02:56:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability. CVE project by @Sn0wAlice Create: 2022-12-30 02:14:36 +0000 UTC Push: 2022-12-30 02:14:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-40663 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TI CVE project by @Sn0wAlice Create: 2022-12-30 01:33:20 +0000 UTC Push: 2022-12-30 01:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-25688 Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice Create: 2022-12-30 00:51:22 +0000 UTC Push: 2022-12-30 00:51:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-30675 Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice Create: 2022-12-30 00:09:21 +0000 UTC Push: 2022-12-30 00:09:23 +0000 UTC |