Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-12-03
Med.
Med.
High
High
Med.
Med.
Med.
Med.
2021-12-02
Med.
Med.
Med.
Low
High

The latest CVEs

2021-12-04
CVE-2021-35413
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
CVE-2021-35414
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
CVE-2021-35415
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
CVE-2021-43415
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
2021-12-03
CVE-2021-44347
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.
CVE-2021-44352
A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.
CVE-2021-23562
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
CVE-2021-23758
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
CVE-2021-35344
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.
CVE-2021-35346
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.

Dorks

2021-12-03
Med.
Openbiz Cubi 3.0.8 Unrestricted File Upload Vulnerability
" System Login - Cubi Platform "
indoushka
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)( CVE-2021-39316 )
inurl:/wp-content/plugins/dzs-zoomsounds/
Uriel Yochpaz
2021-12-02
Med.
Harshainfotech - Sql Injection Vulnerability
"Designed & Maintained by | Harshainfotech"
behrouz mansoori
2021-11-30
Med.
Design By Magic Mayo - Sql Injection Vulnerability
"Design By Magic Mayo"
behrouz mansoori
Med.
Designed by Desire Web World - Sql Injection Vulnerability
"Designed by Desire Web World"
behrouz mansoori

Copyright 2021, cxsecurity.com

 

Back to Top