Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-01-22
High
Med.
Low
Med.
Med.
Low
Med.
Med.
Med.
Med.
Med.
Med.
2021-01-21
Low

The latest CVEs

2021-01-22
CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12514
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12513
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12512
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12511
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
CVE-2021-21270
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.
CVE-2021-21260
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It h...
CVE-2021-21259
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to crea...
CVE-2020-4766
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
CVE-2020-28487
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.

Dorks

2021-01-22
Med.
Ainpex Solutions Sql Injection Vulnerability
"Powered by: Ainpex Solutions"
behrouz mansoori
Med.
Designed by GN DIGITAL - Admin Login Bypass
"Designed by GN DIGITAL"
behrouz mansoori
2021-01-20
Med.
Qboxus - Server Requirements Default Admin Password
intext:"Login in. To see it in action."
Milad Hacking
Med.
wordpress superstorefinder plugins Security misconfigurations bug
inurl:"wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/exportAjax.php"
B4b4K kH4TaR
2021-01-17
Med.
Aplikasi Kartu Pelajar Vulnerability arbitrary file upload with CSRF(indonesian school)
intext:Responsive image aplikasi kartu pelajar sch.id
Meicookies

Copyright 2021, cxsecurity.com

 

Back to Top