Welcome to cxsecurity. Enjoy.

The latest CVEs

2021-12-06
CVE-2021-43469
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
CVE-2021-4069
vim is vulnerable to Use After Free
CVE-2021-43033
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
CVE-2021-43034
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
CVE-2021-43035
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
CVE-2021-43036
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
CVE-2021-43037
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
CVE-2021-43038
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
CVE-2021-43039
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.
CVE-2021-43040
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

Dorks

2021-12-05
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read (CVE-2021-39316)
inurl:/wp-content/plugins/dzs-zoomsounds/
Uriel Yochpaz
2021-12-03
Med.
Openbiz Cubi 3.0.8 Unrestricted File Upload Vulnerability
" System Login - Cubi Platform "
indoushka
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated) (CVE-2021-39316)
inurl:/wp-content/plugins/dzs-zoomsounds/
Uriel Yochpaz
2021-12-02
Med.
Harshainfotech - Sql Injection Vulnerability
"Designed & Maintained by | Harshainfotech"
behrouz mansoori
2021-11-30
Med.
Design By Magic Mayo - Sql Injection Vulnerability
"Design By Magic Mayo"
behrouz mansoori

Copyright 2021, cxsecurity.com

 
