Welcome to cxsecurity. Enjoy.

The latest CVEs

2021-10-27
CVE-2011-4124
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
CVE-2011-4125
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
CVE-2011-4126
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
CVE-2011-4574
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
CVE-2020-7867
An improper input validation vulnerability in Helpu solution could allow a local attacker to create and execute arbitrary files without clicking the file transfer menu. It is possible to write a file to an arbitrary directory for the user because the viewer program receives the file from the agent with administrator privileges.
CVE-2021-26610
The move_uploaded_file function in godomall5 does not perform an integrity check of the extension or authority when a user uploads a file. This vulnerability allows an attacker to execute arbitrary code remotely.
CVE-2021-32951
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
CVE-2021-35233
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive inf...
CVE-2021-35235
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. I...
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both H...

Dorks

2021-10-20
Med.
Optijet School Management System - Blind SQL Injection (Unauthenticated)
"okulsonuc.com"
MaliciousFolder
Med.
SonicWall SMA 10.2.1.0-17sv Password Reset (CVE-2021-20034)
https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
Jacob Baines
2021-10-18
Med.
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference (CVE-2021-41382)
title:"Plastic SCM"
Basavaraj Banakar
2021-10-17
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coder Hunter
2021-10-14
Low
Logitech Media Server 8.2.0 Cross Site Scripting
Search Logitech Media Server
Mert Das

Copyright 2021, cxsecurity.com

 
