Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-09-20
Med.
Academy LMS 6.2 SQL Injection CVE-2023-4974
CraCkEr
Low
SFTP/FTP Password Exposure via sftp-config.json Multiple CVE
Mr.Fn4ticHz
High
Atos Unify OpenScape Code Execution / Missing Authentication Multiple CVE
Armin Weihbold
High
Lexmark Device Embedded Web Server Remote Code Execution Multiple CVE
jheysel-r7
Med.
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Multiple CVE
Marco Wotschka
Med.
Taskhub 2.8.7 SQL Injection CVE-2023-4987
CraCkEr
Med.
Windows Common Log File System Driver (clfs.sys) Privilege Escalation CVE-2023-28252
Ricardo Narvaja
High
Super Store Finder 3.7 Remote Command Execution
Etharus
Low
WordPress Theme My Login 2FA Brute Force
Joost Grunwald
2023-09-18
High
WinRAR Remote Code Execution CVE-2023-38831
Alexander Hagenah
Med.
Conception & Réalisation MGSD - Blind Sql Injection Vulnerability
behrouz mansoori
Low
Night Club Booking Software 1.0 Cross Site Scripting
nu11secur1ty
Low
Academy LMS 6.2 - Reflected XSS CVE-2023-4973
CraCkEr

The latest CVEs

2023-09-21
CVE-2023-4753
OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input 
CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
CVE-2015-8371
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package reposit...
CVE-2018-5478
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
CVE-2023-39252
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
CVE-2023-43669
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions ...
CVE-2023-4152
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.
CVE-2023-4291
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVE-2023-4292
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVE-2023-4760
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is...

Dorks

2023-09-20
Low
SFTP/FTP Password Exposure via sftp-config.json( Multiple CVE )
inurl:/.vscode/sftp-config.json
 Mr.Fn4ticHz
High
Super Store Finder 3.7 Remote Command Execution
"designed and built by Joe Iz."
 Etharus
2023-09-18
Med.
Conception & Réalisation MGSD - Blind Sql Injection Vulnerability
"Conception & Réalisation MGSD"
 behrouz mansoori
Med.
SNDK Technologies - Blind Sql Injection
"Designed by SNDK Technologies Pvt. Ltd."
 behrouz mansoori
Med.
CMS united - Blind Sql Injection
"Powered by CMS united"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top