Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-05-30
Med.
PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass
Nadeem Salim
High
Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow Multiple CVE
CyberIntel Team
High
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens Multiple CVE
Fabian Densborn
High
Widevine Trustlet 5.x drm_save_keys Buffer Overflow Multiple CVE
CyberIntel Team
2023-05-28
Low
Webkul Qloapps 1.5.2 Cross Site Scripting CVE-2023-30256
Astik Rawat
High
GetSimple CMS 3.3.16 Shell Upload CVE-2022-41544
Youssef Muhammad
Med.
JetSınav SQL Injection + Default Password Vulnerability
BQX
Low
SCM Manager 1.60 Cross Site Scripting CVE-2023-33829
neg0x
Med.
Screen SFT DAB 600/C Authentication Bypass Admin Password Change
LiquidWorm
Low
TinyWebGallery v2.5 Remote Code Execution (RCE)
Mirabbas Ağalarov
2023-05-27
High
Yank Note 3.52.1 Arbitrary Code Execution CVE-2023-31874
8bitsec
Med.
Stackposts Social Marketing Tool v1.0 SQL Injection
Ahmet Ümit BAYRAM
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
Ege Balci

The latest CVEs

2023-06-01
CVE-2023-28043
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
CVE-2023-28066
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnera...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
CVE-2023-32324
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vul...
CVE-2023-32690
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder,...
CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ??edit_user?? capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
CVE-2023-32708
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ??rest?? SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
CVE-2023-32709
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ??user?? role can see the hashed version of the initial user name and password for the Splunk instance by using the ??rest?? SPL command against the ??conf-user-seed?? REST endpoint.

Dorks

2023-05-28
Med.
JetSınav SQL Injection + Default Password Vulnerability
allintext:"Powered by Jetsınav"
 BQX
Low
SCM Manager 1.60 Cross Site Scripting( CVE-2023-33829 )
intitle:"SCM Manager" intext:1.60
 neg0x
2023-05-21
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery( CVE-2015-5698 )
inurl:/Portal/Portal.mwsl
 RoseSecurity
2023-04-25
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection( CVE-2023-1671 )
title:"Sophos Web Appliance"
 Behnam Abasi Vanda
2023-04-23
Med.
Bluesoft Infotech - Sql Injection Vulnerability
"Designed by Bluesoft Infotech"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top