unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
Github CVE
Github Tools
编码/解码
文件传输
管理
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2019-4308
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:32 +0800 CST Push: 2023-02-01 07:14:35 +0800 CST |
Live-Hack-CVE/CVE-2019-4473
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:29 +0800 CST Push: 2023-02-01 07:14:31 +0800 CST |
Live-Hack-CVE/CVE-2019-4310
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:25 +0800 CST Push: 2023-02-01 07:14:27 +0800 CST |
Live-Hack-CVE/CVE-2019-4298
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:22 +0800 CST Push: 2023-02-01 07:14:24 +0800 CST |
Live-Hack-CVE/CVE-2019-4299
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:18 +0800 CST Push: 2023-02-01 07:14:20 +0800 CST |
Live-Hack-CVE/CVE-2020-16242
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:15 +0800 CST Push: 2023-02-01 07:14:17 +0800 CST |
Live-Hack-CVE/CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:11 +0800 CST Push: 2023-02-01 07:14:13 +0800 CST |
Live-Hack-CVE/CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:08 +0800 CST Push: 2023-02-01 07:14:10 +0800 CST |
Halcy0nic/CVE-2022-36752
Proof of concept for CVE-2022-36752
Create: 2023-02-01 07:14:06 +0800 CST Push: 2023-02-01 07:14:07 +0800 CST |
Live-Hack-CVE/CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:04 +0800 CST Push: 2023-02-01 07:14:06 +0800 CST |
Live-Hack-CVE/CVE-2020-5387
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:01 +0800 CST Push: 2023-02-01 07:14:03 +0800 CST |
Live-Hack-CVE/CVE-2020-26164
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:57 +0800 CST Push: 2023-02-01 07:13:59 +0800 CST |
Live-Hack-CVE/CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:53 +0800 CST Push: 2023-02-01 07:13:56 +0800 CST |
Live-Hack-CVE/CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - in CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:50 +0800 CST Push: 2023-02-01 07:13:52 +0800 CST |
Live-Hack-CVE/CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:45 +0800 CST Push: 2023-02-01 07:13:48 +0800 CST |
Live-Hack-CVE/CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:42 +0800 CST Push: 2023-02-01 07:13:44 +0800 CST |
Live-Hack-CVE/CVE-2019-5609
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP seg CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:38 +0800 CST Push: 2023-02-01 07:13:40 +0800 CST |
Live-Hack-CVE/CVE-2019-5608
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A re CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:34 +0800 CST Push: 2023-02-01 07:13:36 +0800 CST |
Live-Hack-CVE/CVE-2019-5610
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of- CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:31 +0800 CST Push: 2023-02-01 07:13:33 +0800 CST |
Live-Hack-CVE/CVE-2019-5611
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:27 +0800 CST Push: 2023-02-01 07:13:29 +0800 CST |
Previous
1
2
3
4
5
6
7
8
Next