Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-11-29
Med.
Low
Med.
Med.
Med.
Low
Med.
Med.
Med.
2021-11-27
Med.
High
Med.
Med.

The latest CVEs

2021-11-30
CVE-2021-44428
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
CVE-2021-44429
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
CVE-2021-43790
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present...
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
2021-11-29
CVE-2021-42358
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.
CVE-2021-42364
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
CVE-2021-42365
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site inst...
CVE-2021-44198
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
CVE-2021-44199
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
CVE-2021-44200
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

Dorks

2021-11-29
Low
PHPJabbers Simple CMS 5 name Persistent Cross-Site Scripting (XSS)
subtitle:Copyright © 2021 PHPJabbers.com
Vulnerability-Lab
2021-11-27
Med.
NEXIN engine v2.0 Backdoor Account Vulnerability
NEXIN engine v2.0
indoushka
2021-11-26
Med.
itchiangmai SQL Injection Vulnerability
Power by itchiangmai
indoushka
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coders Hunters
2021-11-23
Med.
Webrun 3.6.0.42 SQL Injection
intitle:"Webrun 3.6.0.42"
Vinicius Alves

Copyright 2021, cxsecurity.com

 

Back to Top