Welcome to cxsecurity. enjoy


The latest CVEs

2019-06-18
CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
CVE-2019-7588
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments ...
CVE-2019-4142
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
CVE-2018-18944
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.
CVE-2018-18886
Helpy v2.1.0 has Stored XSS via the Ticket title.
CVE-2018-18880
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.

Dorks

2019-06-17
Med.
WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability
"/wp-content/themes/churchope/lib/"
indoushka
Med.
AutoLore VillMotor CrisciCars idveicoli SQL Injection
inurl:/index.php?pagina=parcoclienti site:it
KingSkrupellos
Med.
EmpNeusis Web Design XSS SQL Injection
intext:EmpNeusis Web Design and Hosting Services site:gr
KingSkrupellos
Low
Yurdum Software Reflected XSS Privilege Escalation
inurl:/?pnum= site:tr
KingSkrupellos
2019-06-16
Med.
Wordpress Plugins Simple-e-commerce-shopping-cart DatabaseSQL Backup Disclosure Vulnerability
inurl:/wp-content/plugins/simple-e-commerce-shopping-cart/
L4663r666h05t

Copyright 2019, cxsecurity.com

 
