Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-07-17
Med.
Low
High
High
High
High
High
Med.
Med.
2019-07-16
High
High
Med.
High

The latest CVEs

2019-07-18
CVE-2019-13647
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.
CVE-2019-13646
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
CVE-2019-13645
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing.
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page.
CVE-2019-13643
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page.
2019-07-17
CVE-2019-5222
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure.
CVE-2019-13640
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
CVE-2019-8932
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-8931
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-3973
Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdSe...

Dorks

2019-07-17
Med.
phpFK 8.0 version Reinstall Add Admin Vulnerability
Powered by: phpFK
indoushka
2019-07-15
Med.
pixaal sql injection
inurl:.php?id= intext:"Developed by pixaal"
Mikayil Ilyas
2019-07-11
Low
Oracle Support Platform Service XSS Vulnerability
inurl:/app/answers/list
Zunfix
2019-07-07
Med.
Fédération Francaise de Voile SQL Injection Vulnerability
site:www.ffvoile.fr id=
Cerkuday
Med.
Cédia.fr SQL Injection Vulnerability
intext:"Cedia- Éditions Maradi - Copyright Cedia© 1999-2018 - 758."
Cerkuday

Copyright 2019, cxsecurity.com

 

Back to Top