Welcome to cxsecurity. enjoy

The latest CVEs

2023-06-01
CVE-2023-28043
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
CVE-2023-28066
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnera...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
CVE-2023-32324
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vul...
CVE-2023-32690
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder,...
CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the 'edit_user' capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
CVE-2023-32708
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the 'rest' SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
CVE-2023-32709
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the 'user' role can see the hashed version of the initial user name and password for the Splunk instance by using the 'rest' SPL command against the 'conf-user-seed' REST endpoint.

Dorks

2023-05-28
Med.
JetSınav SQL Injection + Default Password Vulnerability
allintext:"Powered by Jetsınav"
BQX
Low
SCM Manager 1.60 Cross Site Scripting (CVE-2023-33829)
intitle:"SCM Manager" intext:1.60
neg0x
2023-05-21
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery (CVE-2015-5698)
inurl:/Portal/Portal.mwsl
RoseSecurity
2023-04-25
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection (CVE-2023-1671)
title:"Sophos Web Appliance"
Behnam Abasi Vanda
2023-04-23
Med.
Bluesoft Infotech - Sql Injection Vulnerability
"Designed by Bluesoft Infotech"
behrouz mansoori

Copyright 2023, cxsecurity.com

 
