Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-10-19
Med.
Med.
Low
High
2019-10-18
High
Med.
Low
Med.
Low
Low
Med.
Med.
2019-10-17
Med.

The latest CVEs

2019-10-16
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-11281
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with admin...
CVE-2019-6334
HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVE-2019-16523
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVE-2019-16522
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other u...
CVE-2019-16521
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=s...
CVE-2019-16520
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
CVE-2019-15893
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.

Dorks

2019-10-18
Low
WordPress Soliloquy Lite 2.5.6 Cross Site Scripting
inurl:"wp-contentpluginssoliloquy-lite"
Unk9vvN
Low
WordPress FooGallery 1.8.12 Cross Site Scripting
inurl:"wp-contentpluginsfoogallery"
Unk9vvN
Low
WordPress Popup Builder 3.49 Cross Site Scripting
inurl:"wp-contentpluginspopupbuilder"
Unk9vvN
2019-10-17
Med.
3kits CMS Sql Injection Vulnerability
intext:"Designed & Developed By 3KITS" inurl:.php?id=
sir shahroukh
2019-10-16
Med.
Made in Globopex Bypass Sql Login
intext:"Made in Globopex"
MR.5T1Y0

Copyright 2019, cxsecurity.com

 

Back to Top