Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-09-20
Med.
Low
High
High
Med.
Med.
Med.
High
Low
2023-09-18
High
Med.
Low
Low

The latest CVEs

2023-09-21
CVE-2023-4753
OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input 
CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
CVE-2015-8371
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package reposit...
CVE-2018-5478
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
CVE-2023-39252
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
CVE-2023-43669
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions ...
CVE-2023-4152
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.
CVE-2023-4291
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVE-2023-4292
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVE-2023-4760
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is...

Dorks

2023-09-20
Low
SFTP/FTP Password Exposure via sftp-config.json( Multiple CVE )
inurl:/.vscode/sftp-config.json
Mr.Fn4ticHz
High
Super Store Finder 3.7 Remote Command Execution
"designed and built by Joe Iz."
Etharus
2023-09-18
Med.
Conception & Réalisation MGSD - Blind Sql Injection Vulnerability
"Conception & Réalisation MGSD"
behrouz mansoori
Med.
SNDK Technologies - Blind Sql Injection
"Designed by SNDK Technologies Pvt. Ltd."
behrouz mansoori
Med.
CMS united - Blind Sql Injection
"Powered by CMS united"
behrouz mansoori

Copyright 2023, cxsecurity.com

 

Back to Top