Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2018-12-14
Med.
Med.
High
High
2018-12-13
Med.
Med.
Med.
Low
Med.
Med.
Med.
2018-12-12
High
Med.

The latest CVEs

2018-12-15
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted ...
2018-12-14
CVE-2018-20157
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
CVE-2018-20155
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.
CVE-2018-20154
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20153
In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-20152
In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20151
In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
CVE-2018-20150
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
CVE-2018-20149
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.

Dorks

2018-12-13
Med.
WordPress JoeBooking Plugins 6.6.5 Database Backup Disclosure
inurl:''/wp-content/plugins/joebooking/''
KingSkrupellos
Med.
WordPress MagicMembers Plugins 1.0 Database Backup Disclosure
inurl:''/wp-content/plugins/magicmembers/core/libs/''
KingSkrupellos
Med.
WordPress TimeTable Responsive Schedule Plugins 5.4 Database Backup Disclosure
inurl:''/wp-content/plugins/timetable/dummy-content-files/''
KingSkrupellos
2018-12-12
Med.
Bangladesh Educational School & College Admin Panels
admin/login
Maruf Sakirim
Med.
WordPress Wysija-Newsletters 2.10.2 Database Backup Disclosure
inurl:''/wp-content/plugins/wysija-newsletters/sql/''
KingSkrupellos

Copyright 2018, cxsecurity.com

 

Back to Top