CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2023-11-29
Low	israel YCMS 4 - Remote File Upload - CSRF / Shell Upload 1933 (TURK TM - SS CYBER)
Med.	Tenda D151 2 - Authentication Bypass 1933 (TURK TM - SS CYBER)
High	inTouch-1.0 File Upload - RCE nu11secur1ty
2023-11-27
Med.	osCommerce 4 - Reflected XSS CVE-2023-6296 CraCkEr
2023-11-25
High	Next-Hour-5.6 - File Upload - RCE nu11secur1ty
2023-11-23
Med.	Magento 2.4.6 XSLT Server Side Injection / Command Execution tmrswrr
High	ActiveMQ-5.18.2 RCE-shell-reverse-Metasploit nu11secur1ty
High	ActiveMQ 5.18.2 RCE shell-upload nu11secur1ty
Med.	ActiveMQ-5.18.2 RCE-shell-reverse-Metasploit nu11secur1ty
Low	PHPJabbers Availability Booking Calendar 5.0 CSV Injection CVE-2023-48207 Rahad Chowdhury
Med.	emart-Laravel-Multi-Vendor-eCommerce-Advanced-CMS-V 5.0 (RELEASE 3.9.0) File Upload-RCE nu11secur1ty
Med.	WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation Multiple CVE Istvan Marton
2023-11-20
Low	EnBw SENEC Legacy Storage Box Log Disclosure CVE-2023-39167 Ph0s

The latest CVEs

2023-11-23
CVE-2023-4593	Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
CVE-2023-4594	Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
CVE-2023-4595	An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVE-2023-28811	There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE-2023-39253	Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
CVE-2023-43086	Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
CVE-2023-44289	Dell Command \| Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-44290	Dell Command \| Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
CVE-2023-28812	There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.
CVE-2023-28813	An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.

Dorks

2023-11-29
Low	israel YCMS 4 - Remote File Upload - CSRF / Shell Upload intext:נבנה ע"י לק"י בניית אתרים	1933 (TURK TM - SS CYBER)
2023-11-27
Med.	osCommerce 4 - Reflected XSS( CVE-2023-6296 ) Powered by osCommerce	CraCkEr
2023-11-16
Med.	Chillipages Technologies - Blind Sql Injection "Site by \| Chillipages Technologies"	behrouz mansoori
2023-11-12
Med.	Plesk Obsidian 18.0.56 command injecrion intitle:"Plesk Obsidian 18.0.56"	Hamza Anonime
2023-11-08
Med.	Virtual Pages - Sql Injection "Site by : Virtual Pages"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2023-11-29

Low

Med.

High

2023-11-27

Med.

2023-11-25

High

2023-11-23

Med.

High

High

Med.

Low

Med.

Med.

2023-11-20

Low

The latest CVEs

2023-11-23

Dorks

2023-11-29

Low

2023-11-27

Med.

2023-11-16

Med.

2023-11-12

Med.

2023-11-08

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations