Welcome to cxsecurity. enjoy

The latest CVEs

2022-10-02
CVE-2022-42003
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
2022-10-01
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-34428
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
CVE-2022-39268
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. Patch: Upgrade to v2022.09.10...
2022-09-30
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVE-2022-40944
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
CVE-2022-41870
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
CVE-2022-41975
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.

Dorks

2022-09-25
Low
WordPress WP-UserOnline 2.88.0 Cross Site Scripting (CVE-2022-2941)
inurl:/wp-content/plugins/wp-useronline/
UnD3sc0n0c1d0
2022-09-22
High
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
intext:"Wallpaper Admin" "LOGIN" "password" "Username"
Edd13Mora
2022-09-15
Low
Genesys PureConnect - Interaction Web Tools XSS (CVE-2022-37775)
inurl:"/I3Root/chatOrCallback.html"
Jake Murphy - Echelon Risk...
2022-09-13
Med.
Equitysoft Technologies Pvt Ltd - SQL Injection Vulnerability
"Equitysoft Technologies Pvt Ltd"
MR.$UD0
Med.
kansascitynova - SQL Injection Vulnerability
"Designed by kansascitynova"
Security Guard

Copyright 2022, cxsecurity.com

 
