Live-Hack-CVE/CVE-2019-9579 An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT n CVE project by @Sn0wAlice Create: 2022-12-27 16:35:20 +0000 UTC Push: 2022-12-27 16:35:22 +0000 UTC |

Live-Hack-CVE/CVE-2019-9011 In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:17 +0000 UTC Push: 2022-12-27 16:35:19 +0000 UTC |

Live-Hack-CVE/CVE-2019-19705 Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:13 +0000 UTC Push: 2022-12-27 16:35:16 +0000 UTC |

Live-Hack-CVE/CVE-2019-18177 In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:10 +0000 UTC Push: 2022-12-27 16:35:12 +0000 UTC |

Live-Hack-CVE/CVE-2019-14802 HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:06 +0000 UTC Push: 2022-12-27 16:35:09 +0000 UTC |

Live-Hack-CVE/CVE-2019-13988 Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). CVE project by @Sn0wAlice Create: 2022-12-27 16:35:03 +0000 UTC Push: 2022-12-27 16:35:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-36664 Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:58 +0000 UTC Push: 2022-12-27 16:35:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-28191 The console in Togglz before 2.9.4 allows CSRF. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:55 +0000 UTC Push: 2022-12-27 16:34:57 +0000 UTC |

Live-Hack-CVE/CVE-2020-24600 Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:51 +0000 UTC Push: 2022-12-27 16:34:54 +0000 UTC |

Live-Hack-CVE/CVE-2019-19030 Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:49 +0000 UTC Push: 2022-12-27 16:34:49 +0000 UTC |

Live-Hack-CVE/CVE-2019-11851 The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:42 +0000 UTC Push: 2022-12-27 16:34:44 +0000 UTC |

Live-Hack-CVE/CVE-2018-16135 The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:38 +0000 UTC Push: 2022-12-27 16:34:40 +0000 UTC |

Live-Hack-CVE/CVE-2020-10650 A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider CVE project by @Sn0wAlice Create: 2022-12-27 16:34:07 +0000 UTC Push: 2022-12-27 16:34:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-46764 A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. CVE project by @Sn0wAlice Create: 2022-12-27 16:33:34 +0000 UTC Push: 2022-12-27 16:33:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-46763 A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. By @Sn0wAlice Create: 2022-12-27 16:11:44 +0000 UTC Push: 2022-12-27 16:11:46 +0000 UTC |

ohnonoyesyes/CVE-2022-43571 Create: 2022-12-27 16:00:44 +0000 UTC Push: 2022-12-27 16:00:45 +0000 UTC |

bdunlap9/CVE-2007-2447_python Exploit i used in HTB Create: 2022-12-27 13:18:44 +0000 UTC Push: 2022-12-27 13:18:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-12257 This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file is in JSON format and contains detailed information about the vulnerability, such as its reference number, description, impact, and resolution. CVE: CVE-2019-12257 Made by Sn0wAlice. ❤️ Create: 2022-12-27 01:48:53 +0000 UTC Push: 2022-12-27 01:48:55 +0000 UTC |

Live-Hack-CVE/CVE-2018-0732 This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file is in JSON format and contains detailed information about the vulnerability, such as its reference number, description, impact, and resolution. CVE: CVE-2018-0732 Made by Sn0wAlice. ❤️ Create: 2022-12-27 01:48:49 +0000 UTC Push: 2022-12-27 01:48:51 +0000 UTC |

Live-Hack-CVE/CVE-2019-12256 This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file is in JSON format and contains detailed information about the vulnerability, such as its reference number, description, impact, and resolution. CVE: CVE-2019-12256 Made by Sn0wAlice. ❤️ Create: 2022-12-27 01:48:46 +0000 UTC Push: 2022-12-27 01:48:48 +0000 UTC |