Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-10-23
Med.
High
High
High
Med.
2021-10-21
Med.
Low
Med.
Med.
2021-10-20
Med.
Med.
2021-10-18
High
High

The latest CVEs

2021-10-23
CVE-2021-42258
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERV...
CVE-2020-23036
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up req...
CVE-2020-23037
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2020-23038
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.
CVE-2020-23039
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
CVE-2020-23041
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23042
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23043
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

Dorks

2021-10-20
Med.
Optijet School Management System - Blind SQL Injection (Unauthenticated)
"okulsonuc.com"
MaliciousFolder
Med.
SonicWall SMA 10.2.1.0-17sv Password Reset( CVE-2021-20034 )
https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
Jacob Baines
2021-10-18
Med.
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference( CVE-2021-41382 )
title:"Plastic SCM"
Basavaraj Banakar
2021-10-17
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coder Hunter
2021-10-14
Low
Logitech Media Server 8.2.0 Cross Site Scripting
Search Logitech Media Server
Mert Das

Copyright 2021, cxsecurity.com

 

Back to Top