Welcome to cxsecurity. enjoy

The latest CVEs

2022-01-27
CVE-2021-44792
Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.
CVE-2021-44793
Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the datab...
CVE-2021-44794
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.
CVE-2021-44795
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users' permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is co...
CVE-2021-28096
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVE-2022-0348
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0370
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0387
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-22828
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

Dorks

2022-01-26
Med.
Quiz Maker 6.2 - Sensitive Data Exposure (Authenticated User Credentials)
inurl:/wp-content/plugins/quiz-maker
Gh05t666nero
Med.
Creative Websoft - Sql Injection Vulnerability
"Website Desined By: Creative Websoft"
behrouz mansoori
2022-01-24
Med.
LDaRosa Xpath Injection Vulnerability
"By LDaRosa"
behrouz mansoori
2022-01-20
Med.
North Wing Limited - Sql Injection Vulnerability
"Developers: North Wing Limited"
behrouz mansoori
Med.
S.S. Technologies - Sql Injection Vulnerability
"Powered By S.S. Technologies" inurl:id="
behrouz mansoori

Copyright 2022, cxsecurity.com

 
