unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-42492
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's D CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:57 +0800 CST Push: 2023-02-07 03:42:59 +0800 CST
Live-Hack-CVE/CVE-2022-42490
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's D CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:54 +0800 CST Push: 2023-02-07 03:42:56 +0800 CST
Live-Hack-CVE/CVE-2022-41991
A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:50 +0800 CST Push: 2023-02-07 03:42:52 +0800 CST
Live-Hack-CVE/CVE-2023-23614
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the h CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:46 +0800 CST Push: 2023-02-07 03:42:49 +0800 CST
Live-Hack-CVE/CVE-2022-41019
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:42 +0800 CST Push: 2023-02-07 03:42:45 +0800 CST
Live-Hack-CVE/CVE-2022-42491
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's M CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:39 +0800 CST Push: 2023-02-07 03:42:41 +0800 CST
Live-Hack-CVE/CVE-2022-41154
A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary file deletion. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:35 +0800 CST Push: 2023-02-07 03:42:37 +0800 CST
Live-Hack-CVE/CVE-2022-41030
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:32 +0800 CST Push: 2023-02-07 03:42:34 +0800 CST
Live-Hack-CVE/CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:21 +0800 CST Push: 2023-02-07 03:42:24 +0800 CST
Live-Hack-CVE/CVE-2023-0356
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:18 +0800 CST Push: 2023-02-07 03:42:20 +0800 CST
Live-Hack-CVE/CVE-2023-22240
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:14 +0800 CST Push: 2023-02-07 03:42:16 +0800 CST
Live-Hack-CVE/CVE-2023-22241
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:10 +0800 CST Push: 2023-02-07 03:42:12 +0800 CST
Live-Hack-CVE/CVE-2023-22242
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:07 +0800 CST Push: 2023-02-07 03:42:09 +0800 CST
Live-Hack-CVE/CVE-2023-24495
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. CVE project by @Sn0wAlice
Create: 2023-02-07 03:42:03 +0800 CST Push: 2023-02-07 03:42:05 +0800 CST
Live-Hack-CVE/CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:59 +0800 CST Push: 2023-02-07 03:42:02 +0800 CST
Live-Hack-CVE/CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:55 +0800 CST Push: 2023-02-07 03:41:57 +0800 CST
Live-Hack-CVE/CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. CVE project by @Sn0wAlice
Create: 2023-02-07 03:41:50 +0800 CST Push: 2023-02-07 03:41:52 +0800 CST
Live-Hack-CVE/CVE-2023-24276
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:37 +0800 CST Push: 2023-02-07 01:31:39 +0800 CST
Live-Hack-CVE/CVE-2023-24202
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:33 +0800 CST Push: 2023-02-07 01:31:36 +0800 CST
Live-Hack-CVE/CVE-2023-24201
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. CVE project by @Sn0wAlice
Create: 2023-02-07 01:31:29 +0800 CST Push: 2023-02-07 01:31:32 +0800 CST