Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2018-08-18
Med.
Med.
Med.
2018-08-17
Low
High
High
Med.
High
High
Med.
Med.
Low
2018-08-16
Med.

The latest CVEs

2018-08-18
CVE-2018-15505
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15492
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15491
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
2018-08-17
CVE-2018-15482
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
CVE-2018-14982
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

Dorks

2018-08-18
Med.
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
inurl:/wp-content/themes/fiestaresidences/
IRaNHaCK Security Team
Med.
News365 v4 disconnect database connection Vulnerability
"bdtask Theme | All right Reserved 2016" Login |
indoushka
2018-08-17
Med.
phpMeteo v1.6 sensitive information disclosure Vulnerability
Powered by phpMeteo.
indoushka
Low
Designed & Developed by: Progressive NoRedirect Bypass
"Welcome to Control PanelUse a valid Loginid and password to gain access to the administration console"
F0x35
2018-08-16
Low
TheNextBigWriter.com Insecure Direct Object References Leading To Possibly Defacement
intext:"Built by Proxima B"
Nyx of CycoSEC

Copyright 2018, cxsecurity.com

 

Back to Top