The latest CVEs

2021-11-29
CVE-2021-32061
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVE-2021-44093
A Remote Command Execution vulnerability in the background of zrlog 2.2.2, at the upload avatar function, could bypass the original limit and upload a JSP file to get a WebShell.
CVE-2021-44094
ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function, which could execute any JAR file.
2021-11-27
CVE-2021-4020
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2021-11-26
CVE-2021-43776
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CS...
CVE-2021-43785
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
CVE-2021-23654
This affects all versions of package html-to-csv. When there is a formula embedded in an HTML page, it is accepted without any validation and is carried over when the page is converted into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
CVE-2020-7881
The vulnerable function is enabled when the streamer service related to AfreecaTV communicates through a web socket using port 21201. A stack-based buffer overflow leading to remote code execution was discovered in a strcpy() operation on the "FanTicket" field, because the data is stored without validation of its length.
CVE-2021-26611
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.).

Dorks

2021-11-29
Low
PHPJabbers Simple CMS 5 name Persistent Cross-Site Scripting (XSS)
subtitle:Copyright © 2021 PHPJabbers.com
Vulnerability-Lab
2021-11-27
Med.
NEXIN engine v2.0 Backdoor Account Vulnerability
NEXIN engine v2.0
indoushka
2021-11-26
Med.
itchiangmai SQL Injection Vulnerability
Power by itchiangmai
indoushka
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coders Hunters
2021-11-23
Med.
Webrun 3.6.0.42 SQL Injection
intitle:"Webrun 3.6.0.42"
Vinicius Alves

Copyright 2021, cxsecurity.com

 
