unSafe.sh - Insecure
Live-Hack-CVE/CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:45 +0800 CST Push: 2023-02-01 07:13:48 +0800 CST
Live-Hack-CVE/CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:42 +0800 CST Push: 2023-02-01 07:13:44 +0800 CST
Live-Hack-CVE/CVE-2019-5609
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP seg CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:38 +0800 CST Push: 2023-02-01 07:13:40 +0800 CST
Live-Hack-CVE/CVE-2019-5608
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A re CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:34 +0800 CST Push: 2023-02-01 07:13:36 +0800 CST
Live-Hack-CVE/CVE-2019-5610
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of- CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:31 +0800 CST Push: 2023-02-01 07:13:33 +0800 CST
Live-Hack-CVE/CVE-2019-5611
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:27 +0800 CST Push: 2023-02-01 07:13:29 +0800 CST
Live-Hack-CVE/CVE-2019-5612
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:24 +0800 CST Push: 2023-02-01 07:13:26 +0800 CST
Live-Hack-CVE/CVE-2019-9921
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:20 +0800 CST Push: 2023-02-01 07:13:22 +0800 CST
Live-Hack-CVE/CVE-2022-45494
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:16 +0800 CST Push: 2023-02-01 07:13:19 +0800 CST
Live-Hack-CVE/CVE-2022-45297
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:13 +0800 CST Push: 2023-02-01 07:13:15 +0800 CST
Live-Hack-CVE/CVE-2022-37708
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:09 +0800 CST Push: 2023-02-01 07:13:11 +0800 CST
Live-Hack-CVE/CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:05 +0800 CST Push: 2023-02-01 07:13:08 +0800 CST
Halcy0nic/CVE-2022-41220
Proof of concept for CVE-2022-41220
Create: 2023-02-01 07:05:31 +0800 CST Push: 2023-02-01 07:05:32 +0800 CST
Halcy0nic/CVE-2022-34913
Proof of concept for CVE-2022-34913
Create: 2023-02-01 06:37:29 +0800 CST Push: 2023-02-01 06:37:29 +0800 CST
Live-Hack-CVE/CVE-2019-14322
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. CVE project by @Sn0wAlice
Create: 2023-02-01 06:08:08 +0800 CST Push: 2023-02-01 06:08:11 +0800 CST
Live-Hack-CVE/CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:57 +0800 CST Push: 2023-02-01 06:08:00 +0800 CST
Live-Hack-CVE/CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:53 +0800 CST Push: 2023-02-01 06:07:56 +0800 CST
Live-Hack-CVE/CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:50 +0800 CST Push: 2023-02-01 06:07:52 +0800 CST
Halcy0nic/CVE-2022-34556
Proof of concept for CVE-2022-34556
Create: 2023-02-01 06:07:50 +0800 CST Push: 2023-02-01 06:07:51 +0800 CST
Live-Hack-CVE/CVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:46 +0800 CST Push: 2023-02-01 06:07:49 +0800 CST