Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2022-06-28
Low
Med.
Low
Med.
Low
Med.
Med.
2022-06-26
Med.
Med.
Low
Low
Med.
Low

The latest CVEs

2022-07-01
CVE-2021-41995
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
CVE-2022-23717
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.
CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.
CVE-2022-23719
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the...
CVE-2022-23720
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full perm...
CVE-2022-23725
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.
CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.
CVE-2014-0156
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
CVE-2022-2257
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
2022-06-30
CVE-2013-4144
There is an object injection vulnerability in swfupload plugin for wordpress.

Dorks

2022-06-28
Low
SEO Nethizmet Admin NoRedirect Bypass
"intext:"Web Tasarım Seo Nethizmet""
BQX
Low
Mailhog 1.0.1 Stored Cross-Site Scripting (XSS)
https://www.shodan.io/search?query=mailhog ( > 3500)
Vulnz
2022-06-22
Med.
BLUEWATER MARIBAGO BEACH RESORT - SQL Injection Vulnerability
intext:"BLUEWATER MARIBAGO BEACH RESORT " inurl:/index.php?page=
MR.$UD0
2022-06-11
Low
WEB SITE Yas Arghavani System XSS( Multiple CVE )
-
E1.Coders
2022-06-05
High
H3k / tiny File Manager
intitle:"h3k File Manager"
Hamza Anonime

Copyright 2022, cxsecurity.com

 

Back to Top