CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2023-12-07
High	WBCE_CMS-1.6.1 File Upload - RCE nu11secur1ty
Med.	osCommerce 4 - SQL Injection CVE-2023-6579 CraCkEr
Med.	Winter CMS 1.2.2 - Server-Side Template Injection (SSTI) (Authenticated) tmrswrr
Med.	PopojiCMS Version : 2.0.1 Remote Command Execution tmrswrr
High	WBCE CMS Version : 1.6.1 Remote Command Executio tmrswrr
High	CSZ CMS Version 1.3.0 Remote Command Execution tmrswrr
Med.	PHP8: php-curl from Curl-8.4.0 Windows11 Privilage-Escalation RCE nu11secur1ty
2023-12-05
Med.	Powered By Assamlook.com - Sql Injection behrouz mansoori
2023-12-04
High	Stock-Coupon-2.1 File Upload - RCE nu11secur1ty
Low	WordPress Theme phlox-pro 5.14.0 - 'searchform' Cross-Site Scripting (XSS) Haktrak Team
Low	PHP8: php-curl-RCE-Privilage-Escalation nu11secur1ty
2023-12-03
High	Quick-Quiz-2.4 File Upload - RCE nu11secur1ty
Med.	firstideabooks - SQL Injection vulnerability Mahdi Karimi

The latest CVEs

2023-11-23
CVE-2023-4593	Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
CVE-2023-4594	Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
CVE-2023-4595	An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVE-2023-28811	There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE-2023-39253	Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
CVE-2023-43086	Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
CVE-2023-44289	Dell Command \| Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-44290	Dell Command \| Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-28812	There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.
CVE-2023-28813	An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.

Dorks

2023-12-07
Med.	osCommerce 4 - SQL Injection( CVE-2023-6579 ) Powered by osCommerce	CraCkEr
2023-12-05
Med.	Powered By Assamlook.com - Sql Injection "Powered By Assamlook.com"	behrouz mansoori
2023-12-03
Med.	firstideabooks - SQL Injection vulnerability "Powered by firstideabooks"	Mahdi Karimi
Med.	artandaustralia - SQL Injection vulnerability "Powered by artandaustralia"	Mahdi Karimi
Med.	Orpak Fueling Systems Exploit and Default Password intitle:"SiteOmat Loader"	Parsa Rezaei khiabanloo

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2023-12-07

High

Med.

Med.

Med.

High

High

Med.

2023-12-05

Med.

2023-12-04

High

Low

Low

2023-12-03

High

Med.

The latest CVEs

2023-11-23

Dorks

2023-12-07

Med.

2023-12-05

Med.

2023-12-03

Med.

Med.

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations