Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2022-12-05
Low
Low
Med.
Med.
Med.
2022-12-01
High
Med.
Med.
Med.
Med.
Med.
2022-11-29
High
High

The latest CVEs

2022-12-06
CVE-2022-43706
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
CVE-2022-45019
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2022-45769
A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.
CVE-2022-45990
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.
CVE-2022-46464
ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
CVE-2022-40918
Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth...

Dorks

2022-11-18
Med.
Remote Code Execution in SimpleMachinesForum 2.1.1( CVE-2022-26982 )
SimpleMachinesForum Exploit
Sarang Tumne
2022-11-15
Med.
Remote Code Execution in MODX Revolution V2.8.3-pl( CVE-2022-26149 )
MODX Exploit
Sarang Tumne
2022-11-13
High
Remote Code Execution in Abantecart-1.3.2( CVE-2022-26521 )
Abantecart exploit
Sarang Tumne
2022-10-23
Low
Khameneie.ir XSS vulnerabilities
site:farsi.khamenei.ir/search-result?q="
E1.Coders
Med.
developway SQL Injection
intext:"Powered By DevelopWay"
cymilad

Copyright 2022, cxsecurity.com

 

Back to Top