Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-02-22
Low
Med.
Med.
Med.
Med.
Med.
2020-02-21
Low
Low
High
Med.
Med.
2020-02-20
High
Med.

The latest CVEs

2020-02-24
CVE-2019-3670
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
2020-02-23
CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal.
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter.
CVE-2020-9352
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path).
CVE-2020-9350
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
2020-02-22
CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
CVE-2020-9340
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.

Dorks

2020-02-22
Med.
Powered by COCSSYS Infotech - Bypass Admin
intext:All rights reserved | Powered by COCSSYS Infotech Pvt. Ltd.
Light Cyber Indonesia
Med.
Indonesian School - SQL Lokomedia Vulnerability
inurl:/hal-visi-misi.html site:.sch.id
Light Cyber Indonesia
Med.
Element Ajans Scripts Local File Inclusion Vulnerability
intext:Copyrigt © 2019 Element Ajans ®
Gaddar
Med.
colorcode - Bypass admin
"Designed & Developed By colorcode"
Xplo5ionS
Med.
Tom Cowan - Bypass admin with Noredirect
"Website by Tom Cowan"
Xplo5ionS

Copyright 2020, cxsecurity.com

 

Back to Top