unSafe.sh - Insecure
Live-Hack-CVE/CVE-2018-3734
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice
Create: 2023-01-31 01:31:10 +0800 CST Push: 2023-01-31 01:31:12 +0800 CST
Live-Hack-CVE/CVE-2018-3715
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice
Create: 2023-01-31 01:31:06 +0800 CST Push: 2023-01-31 01:31:08 +0800 CST
Live-Hack-CVE/CVE-2018-3746
The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. CVE project by @Sn0wAlice
Create: 2023-01-31 01:31:01 +0800 CST Push: 2023-01-31 01:31:04 +0800 CST
Live-Hack-CVE/CVE-2018-3743
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:58 +0800 CST Push: 2023-01-31 01:31:00 +0800 CST
Live-Hack-CVE/CVE-2018-3730
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:54 +0800 CST Push: 2023-01-31 01:30:56 +0800 CST
Live-Hack-CVE/CVE-2018-3744
The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:50 +0800 CST Push: 2023-01-31 01:30:53 +0800 CST
Live-Hack-CVE/CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:45 +0800 CST Push: 2023-01-31 01:30:48 +0800 CST
Live-Hack-CVE/CVE-2017-1107
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:41 +0800 CST Push: 2023-01-31 01:30:44 +0800 CST
Live-Hack-CVE/CVE-2019-4364
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:38 +0800 CST Push: 2023-01-31 01:30:40 +0800 CST
Live-Hack-CVE/CVE-2019-4385
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:33 +0800 CST Push: 2023-01-31 01:30:36 +0800 CST
Live-Hack-CVE/CVE-2019-4384
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:30 +0800 CST Push: 2023-01-31 01:30:32 +0800 CST
Live-Hack-CVE/CVE-2018-3731
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:26 +0800 CST Push: 2023-01-31 01:30:28 +0800 CST
Live-Hack-CVE/CVE-2018-3725
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:22 +0800 CST Push: 2023-01-31 01:30:25 +0800 CST
Live-Hack-CVE/CVE-2018-20469
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:18 +0800 CST Push: 2023-01-31 01:30:21 +0800 CST
Live-Hack-CVE/CVE-2018-1845
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:14 +0800 CST Push: 2023-01-31 01:30:17 +0800 CST
Live-Hack-CVE/CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. CVE project by @Sn0wAlice
Create: 2023-01-31 01:30:11 +0800 CST Push: 2023-01-31 01:30:13 +0800 CST
Live-Hack-CVE/CVE-2023-0266
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c CVE project by @Sn0wAlice
Create: 2023-01-30 23:20:07 +0800 CST Push: 2023-01-30 23:20:09 +0800 CST
Live-Hack-CVE/CVE-2023-0240
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or CVE project by @Sn0wAlice
Create: 2023-01-30 23:20:03 +0800 CST Push: 2023-01-30 23:20:05 +0800 CST
Live-Hack-CVE/CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxur CVE project by @Sn0wAlice
Create: 2023-01-30 23:19:58 +0800 CST Push: 2023-01-30 23:20:01 +0800 CST
Live-Hack-CVE/CVE-2023-20007
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of se CVE project by @Sn0wAlice
Create: 2023-01-30 23:19:54 +0800 CST Push: 2023-01-30 23:19:57 +0800 CST