Welcome to cxsecurity. Enjoy.


The latest CVEs

2018-11-16
CVE-2018-9086
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVE-2018-9073
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVE-2018-9071
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
2018-11-15
CVE-2018-19301
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-8529
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
CVE-2018-18954
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

Dorks

2018-11-13
Med.
Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
KingSkrupellos
Med.
WEBSITE DEVELOPED BY: A R INFOTECH SQL injection
inurl:product-detail.php?id= intext:"WEBSITE DEVELOPED BY: A R INFOTECH"
Mikayil Ilyas
Med.
Developed By NaiveScripters Noakhali Science and Technology University Bangladesh SQL Injection Vulnerability
intext:''Developed By NaiveScripters'' site:edu.bd
KingSkrupellos
2018-11-12
Med.
Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability
intext:''Powered by Dimofinf cms Version 4.0.0'' site:gov.sa
KingSkrupellos

Copyright 2018, cxsecurity.com

 
