unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2010-3709
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. CVE project by @Sn0wAlice
Create: 2023-01-20 01:40:03 +0000 UTC Push: 2023-01-20 01:40:05 +0000 UTC |
Live-Hack-CVE/CVE-2012-4388
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betw CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:59 +0000 UTC Push: 2023-01-20 01:40:01 +0000 UTC |
Live-Hack-CVE/CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:55 +0000 UTC Push: 2023-01-20 01:39:57 +0000 UTC |
Live-Hack-CVE/CVE-2014-3538
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-20 CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:50 +0000 UTC Push: 2023-01-20 01:39:53 +0000 UTC |
Live-Hack-CVE/CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:46 +0000 UTC Push: 2023-01-20 01:39:49 +0000 UTC |
Live-Hack-CVE/CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:42 +0000 UTC Push: 2023-01-20 01:39:45 +0000 UTC |
Live-Hack-CVE/CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:38 +0000 UTC Push: 2023-01-20 01:39:41 +0000 UTC |
Live-Hack-CVE/CVE-2010-2531
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:34 +0000 UTC Push: 2023-01-20 01:39:37 +0000 UTC |
Live-Hack-CVE/CVE-2011-1471
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:30 +0000 UTC Push: 2023-01-20 01:39:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-47105
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:24 +0000 UTC Push: 2023-01-20 01:39:26 +0000 UTC |
Live-Hack-CVE/CVE-2023-0404
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functi CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:20 +0000 UTC Push: 2023-01-20 01:39:22 +0000 UTC |
Live-Hack-CVE/CVE-2023-0403
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:15 +0000 UTC Push: 2023-01-20 01:39:18 +0000 UTC |
Live-Hack-CVE/CVE-2023-0402
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset netw CVE project by @Sn0wAlice
Create: 2023-01-20 01:39:11 +0000 UTC Push: 2023-01-20 01:39:13 +0000 UTC |
Live-Hack-CVE/CVE-2020-36649
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77 CVE project by @Sn0wAlice
Create: 2023-01-20 00:30:27 +0000 UTC Push: 2023-01-20 00:30:30 +0000 UTC |
Live-Hack-CVE/CVE-2018-25074
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recomm CVE project by @Sn0wAlice
Create: 2023-01-20 00:30:22 +0000 UTC Push: 2023-01-20 00:30:26 +0000 UTC |
Live-Hack-CVE/CVE-2017-20168
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix CVE project by @Sn0wAlice
Create: 2023-01-20 00:30:18 +0000 UTC Push: 2023-01-20 00:30:21 +0000 UTC |
Live-Hack-CVE/CVE-2021-37774
An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-20 00:30:01 +0000 UTC Push: 2023-01-20 00:30:04 +0000 UTC |
Live-Hack-CVE/CVE-2014-125074
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to CVE project by @Sn0wAlice
Create: 2023-01-20 00:29:57 +0000 UTC Push: 2023-01-20 00:30:00 +0000 UTC |
p33d/CVE-2022-47966
Multiple Zoho ManageEngine on-premise products
Create: 2023-01-20 00:06:56 +0000 UTC Push: 2023-01-20 00:06:56 +0000 UTC |
MONK-MODE/CVE-2023-XXXX
Create: 2023-01-19 22:02:38 +0000 UTC Push: 2023-01-19 22:02:39 +0000 UTC |
Previous
1042
1043
1044
1045
1046
1047
1048
1049
Next