渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-43066

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-42793

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-42798

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-42796

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:mlcsec
项目描述:Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
项目链接:https://github.com/mlcsec/ASRenum-BOF

#cobalt_strike

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32823

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32832

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32831

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32826

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32805

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-32820

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-44033

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3254

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3237

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3096

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2627

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2190

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-37428

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-40188

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2405

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2404

#CVE_2022