Welcome to cxsecurity. enjoy
The latest CVEs

2021-12-08
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contains a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent plac...
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVE-2020-27356
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.
CVE-2021-28680
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicl...
CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.
CVE-2021-34544
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.
CVE-2021-36133
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2021-36760
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open ...
CVE-2021-38759
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
CVE-2021-42681
A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.

Dorks

2021-12-07
Med.
PageWay Version 1.8 BETA SQL Injection Vulnerability
"PageWay™ Website Administration System, Version 1.8 BETA"
indoushka
2021-12-05
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read (CVE-2021-39316)
inurl:/wp-content/plugins/dzs-zoomsounds/
Uriel Yochpaz
2021-12-03
Med.
Openbiz Cubi 3.0.8 Unrestricted File Upload Vulnerability
" System Login - Cubi Platform "
indoushka
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated) (CVE-2021-39316)
inurl:/wp-content/plugins/dzs-zoomsounds/
Uriel Yochpaz
2021-12-02
Med.
Harshainfotech - Sql Injection Vulnerability
"Designed & Maintained by | Harshainfotech"
behrouz mansoori

Copyright 2021, cxsecurity.com
