Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2022-07-05
Low
Med.
High
Med.
2022-07-04
Med.
Med.
High
Med.
Low
Med.
2022-07-02
Low
Low
High

The latest CVEs

2022-07-06
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVE-2022-31856
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVE-2022-32310
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
CVE-2022-32311
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
CVE-2022-32413
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-34972
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.
2022-07-05
CVE-2021-44915
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2022-31014
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands ...
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion ...
CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has bee...

Dorks

2022-07-05
Low
SEO Nethizmet Admin NoRedirect Bypass
"inurl /yonetici/yonetici-giris.php"
BQX
2022-07-04
Med.
OPSTECH Thailand Gov Management System Multiple Vulnerabilities
1. intext:"Copyright © by OPSTECH All Right Reserved" site:go.th
NaughtySec
2022-06-28
Low
SEO Nethizmet Admin NoRedirect Bypass
"intext:"Web Tasarım Seo Nethizmet""
BQX
Low
Mailhog 1.0.1 Stored Cross-Site Scripting (XSS)
https://www.shodan.io/search?query=mailhog ( > 3500)
Vulnz
2022-06-22
Med.
BLUEWATER MARIBAGO BEACH RESORT - SQL Injection Vulnerability
intext:"BLUEWATER MARIBAGO BEACH RESORT " inurl:/index.php?page=
MR.$UD0

Copyright 2022, cxsecurity.com

 

Back to Top