Welcome to cxsecurity. enjoy

The latest CVEs

2021-11-30
CVE-2021-38958
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042
CVE-2021-38967
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
CVE-2021-38999
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
CVE-2021-39000
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
CVE-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
CVE-2021-43202
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-41677
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post "body" and "tags" don't sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
CVE-2021-41678
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
CVE-2021-41679
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.

Dorks

2021-11-30
Med.
Design By Magic Mayo - Sql Injection Vulnerability
"Design By Magic Mayo"
behrouz mansoori
Med.
Designed by Desire Web World - Sql Injection Vulnerability
"Designed by Desire Web World"
behrouz mansoori
2021-11-29
Low
PHPJabbers Simple CMS 5 name Persistent Cross-Site Scripting (XSS)
subtitle:Copyright © 2021 PHPJabbers.com
Vulnerability-Lab
2021-11-27
Med.
NEXIN engine v2.0 Backdoor Account Vulnerability
NEXIN engine v2.0
indoushka
2021-11-26
Med.
itchiangmai SQL Injection Vulnerability
Power by itchiangmai
indoushka

Copyright 2021, cxsecurity.com

 
