Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-12-05
Med.
Powered By Assamlook.com - Sql Injection
behrouz mansoori
2023-12-04
High
Stock-Coupon-2.1 File Upload - RCE
nu11secur1ty
Low
WordPress Theme phlox-pro 5.14.0 - 'searchform' Cross-Site Scripting (XSS)
Haktrak Team
Low
PHP8: php-curl-RCE-Privilage-Escalation
nu11secur1ty
2023-12-03
High
Quick-Quiz-2.4 File Upload - RCE
nu11secur1ty
Med.
firstideabooks - SQL Injection vulnerability
Mahdi Karimi
Med.
artandaustralia - SQL Injection vulnerability
Mahdi Karimi
Med.
Orpak Fueling Systems Exploit and Default Password
Parsa Rezaei khiabanloo
High
Doksoft Uploader CSRF File Upload
L4663r666h05t
2023-11-29
Low
israel YCMS 4 - Remote File Upload - CSRF / Shell Upload
1933 (TURK TM - SS CYBER)
Med.
Tenda D151 2 - Authentication Bypass
1933 (TURK TM - SS CYBER)
High
inTouch-1.0 File Upload - RCE
nu11secur1ty
2023-11-27
Med.
osCommerce 4 - Reflected XSS CVE-2023-6296
CraCkEr

The latest CVEs

2023-11-23
CVE-2023-4593
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
CVE-2023-4595
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE-2023-39253
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
CVE-2023-43086
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
CVE-2023-44289
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-44290
Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-28812
There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.
CVE-2023-28813
An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.

Dorks

2023-12-05
Med.
Powered By Assamlook.com - Sql Injection
"Powered By Assamlook.com"
 behrouz mansoori
2023-12-03
Med.
firstideabooks - SQL Injection vulnerability
"Powered by firstideabooks"
 Mahdi Karimi
Med.
artandaustralia - SQL Injection vulnerability
"Powered by artandaustralia"
 Mahdi Karimi
Med.
Orpak Fueling Systems Exploit and Default Password
intitle:"SiteOmat Loader"
 Parsa Rezaei khiabanloo
High
Doksoft Uploader CSRF File Upload
inurl:/doksoft_uploader/userfiles/
 L4663r666h05t
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top