Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-10-25
Med.
Low
2021-10-23
Med.
High
High
High
Med.
2021-10-21
Med.
Low
Med.
Med.
2021-10-20
Med.
Med.

The latest CVEs

2021-10-27
CVE-2021-41872
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
CVE-2021-34580
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
CVE-2011-4124
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
CVE-2011-4125
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
CVE-2011-4126
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
CVE-2011-4574
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
CVE-2020-7867
An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.
CVE-2021-26610
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
CVE-2021-32951
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
CVE-2021-35233
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive inf...

Dorks

2021-10-20
Med.
Optijet School Management System - Blind SQL Injection (Unauthenticated)
"okulsonuc.com"
MaliciousFolder
Med.
SonicWall SMA 10.2.1.0-17sv Password Reset( CVE-2021-20034 )
https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
Jacob Baines
2021-10-18
Med.
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference( CVE-2021-41382 )
title:"Plastic SCM"
Basavaraj Banakar
2021-10-17
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coder Hunter
2021-10-14
Low
Logitech Media Server 8.2.0 Cross Site Scripting
Search Logitech Media Server
Mert Das

Copyright 2021, cxsecurity.com

 

Back to Top