unSafe.sh - 不安全

Live-Hack-CVE/CVE-2021-3805 object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') CVE project by @Sn0wAlice
Create: 2023-01-30 03:44:23 +0800 CST Push: 2023-01-30 03:44:25 +0800 CST |

Live-Hack-CVE/CVE-2023-0571 A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. T CVE project by @Sn0wAlice
Create: 2023-01-30 03:44:20 +0800 CST Push: 2023-01-30 03:44:22 +0800 CST |

Live-Hack-CVE/CVE-2023-0570 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. CVE project by @Sn0wAlice
Create: 2023-01-30 03:44:16 +0800 CST Push: 2023-01-30 03:44:18 +0800 CST |

MataKucing-OFC/CVE-2018-17254 Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
Create: 2023-01-30 01:07:10 +0800 CST Push: 2023-01-30 01:07:10 +0800 CST |

Live-Hack-CVE/CVE-2020-4051 In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16 CVE project by @Sn0wAlice
Create: 2023-01-29 23:20:27 +0800 CST Push: 2023-01-29 23:20:29 +0800 CST |

Live-Hack-CVE/CVE-2021-23450 All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. CVE project by @Sn0wAlice
Create: 2023-01-29 23:20:24 +0800 CST Push: 2023-01-29 23:20:26 +0800 CST |

Cyb3rtus/keepass_CVE-2023-24055_yara_rule Contains a simple yara rule to hunt for possible compromised KeePass config files
Create: 2023-01-29 22:13:44 +0800 CST Push: 2023-01-29 22:13:44 +0800 CST |

nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765 Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
Create: 2023-01-29 18:36:40 +0800 CST Push: 2023-01-29 18:37:22 +0800 CST |

nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765- Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
Create: 2023-01-29 18:36:40 +0800 CST Push: 2023-01-29 18:36:40 +0800 CST |

Live-Hack-CVE/CVE-2023-0564 Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-01-29 14:37:11 +0800 CST Push: 2023-01-29 14:37:13 +0800 CST |

Live-Hack-CVE/CVE-2022-48285 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. CVE project by @Sn0wAlice
Create: 2023-01-29 14:37:06 +0800 CST Push: 2023-01-29 14:37:08 +0800 CST |

SeasonLeague/CVE-2017-5487 This is a vulnerability in the Linux kernel that was discovered and disclosed in 2017.
Create: 2023-01-29 12:43:37 +0800 CST Push: 2023-01-29 12:43:37 +0800 CST |

krizzz07/CVE-2020-0796 windows 10 SMB vulnerability
Create: 2023-01-29 12:29:49 +0800 CST Push: 2023-01-29 12:29:50 +0800 CST |

fakenews2025/CVE-2023-21839 CVE-2023-21839 exp
Create: 2023-01-29 11:02:10 +0800 CST Push: 2023-01-29 11:02:11 +0800 CST |

Live-Hack-CVE/CVE-2023-0563 A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. Th CVE project by @Sn0wAlice
Create: 2023-01-29 10:18:12 +0800 CST Push: 2023-01-29 10:18:14 +0800 CST |

Live-Hack-CVE/CVE-2023-0562 A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The identifi CVE project by @Sn0wAlice
Create: 2023-01-29 10:18:09 +0800 CST Push: 2023-01-29 10:18:11 +0800 CST |

Live-Hack-CVE/CVE-2021-4315 A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the CVE project by @Sn0wAlice
Create: 2023-01-29 10:18:05 +0800 CST Push: 2023-01-29 10:18:08 +0800 CST |

Live-Hack-CVE/CVE-2023-0561 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t CVE project by @Sn0wAlice
Create: 2023-01-29 03:42:55 +0800 CST Push: 2023-01-29 03:42:58 +0800 CST |

Live-Hack-CVE/CVE-2023-0560 A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit h CVE project by @Sn0wAlice
Create: 2023-01-29 03:42:52 +0800 CST Push: 2023-01-29 03:42:54 +0800 CST |

Live-Hack-CVE/CVE-2020-16093 In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. CVE project by @Sn0wAlice
Create: 2023-01-29 03:42:48 +0800 CST Push: 2023-01-29 03:42:51 +0800 CST |