Live-Hack-CVE/CVE-2022-4120 The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain CVE project by @Sn0wAlice Create: 2022-12-27 16:36:14 +0000 UTC Push: 2022-12-27 16:36:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-4117 The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. CVE project by @Sn0wAlice Create: 2022-12-27 16:36:10 +0000 UTC Push: 2022-12-27 16:36:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-4110 The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice Create: 2022-12-27 16:36:06 +0000 UTC Push: 2022-12-27 16:36:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-4047 The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE CVE project by @Sn0wAlice Create: 2022-12-27 16:36:03 +0000 UTC Push: 2022-12-27 16:36:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-4042 The Paytium: Mollie payment forms & donations WordPress plugin through 4.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice Create: 2022-12-27 16:35:59 +0000 UTC Push: 2022-12-27 16:36:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-3840 The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice Create: 2022-12-27 16:35:56 +0000 UTC Push: 2022-12-27 16:35:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-3835 The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice Create: 2022-12-27 16:35:52 +0000 UTC Push: 2022-12-27 16:35:54 +0000 UTC |

Live-Hack-CVE/CVE-2020-12069 In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:35 +0000 UTC Push: 2022-12-27 16:35:37 +0000 UTC |

Live-Hack-CVE/CVE-2020-12067 In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:31 +0000 UTC Push: 2022-12-27 16:35:33 +0000 UTC |

Live-Hack-CVE/CVE-2021-4281 A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to appl CVE project by @Sn0wAlice Create: 2022-12-27 16:35:27 +0000 UTC Push: 2022-12-27 16:35:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-11101 Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:24 +0000 UTC Push: 2022-12-27 16:35:26 +0000 UTC |

Live-Hack-CVE/CVE-2019-9579 An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT n CVE project by @Sn0wAlice Create: 2022-12-27 16:35:20 +0000 UTC Push: 2022-12-27 16:35:22 +0000 UTC |

Live-Hack-CVE/CVE-2019-9011 In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:17 +0000 UTC Push: 2022-12-27 16:35:19 +0000 UTC |

Live-Hack-CVE/CVE-2019-19705 Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:13 +0000 UTC Push: 2022-12-27 16:35:16 +0000 UTC |

Live-Hack-CVE/CVE-2019-18177 In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:10 +0000 UTC Push: 2022-12-27 16:35:12 +0000 UTC |

Live-Hack-CVE/CVE-2019-14802 HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template. CVE project by @Sn0wAlice Create: 2022-12-27 16:35:06 +0000 UTC Push: 2022-12-27 16:35:09 +0000 UTC |

Live-Hack-CVE/CVE-2019-13988 Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). CVE project by @Sn0wAlice Create: 2022-12-27 16:35:03 +0000 UTC Push: 2022-12-27 16:35:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-36664 Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:58 +0000 UTC Push: 2022-12-27 16:35:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-28191 The console in Togglz before 2.9.4 allows CSRF. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:55 +0000 UTC Push: 2022-12-27 16:34:57 +0000 UTC |

Live-Hack-CVE/CVE-2020-24600 Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request. CVE project by @Sn0wAlice Create: 2022-12-27 16:34:51 +0000 UTC Push: 2022-12-27 16:34:54 +0000 UTC |