Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-05-20
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Low
Med.
2019-05-19
Med.

The latest CVEs

2019-05-20
CVE-2019-12198
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
2019-05-19
CVE-2019-12184
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
2019-05-18
CVE-2019-12173
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
2019-05-17
CVE-2019-12172
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for cod...
CVE-2019-12168
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-8339
An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and falco-probe.ko) mishandles a free space calculation.
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
CVE-2019-11644
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their pr...

Dorks

2019-05-20
Med.
baqai.edu.pk sql injection
site:baqai.edu.pk inurl:/NewsDetail.php?id=
AmirAli Sadeghi Tamiz
Med.
College of Architecture SQL Injection
intitle:"College of Architecture and Center for Design Nashik" photo-gallery.php?id=3
Cerkuday
Med.
Architecture SQL Injection
site:www.atelierdsync.com id=
Cerkuday
Med.
Xoops Wordpress Modules WP-Ktai 0.5.0 Japan Open Redirection
intext:WP-Ktai ver 0.5.0
KingSkrupellos
Med.
AlumniMagnet OmniMagnet Improper Access Control Vulnerability
intext:Powered By AlumniMagnet + inurl:/article.html?aid= site:org
KingSkrupellos

Copyright 2019, cxsecurity.com

 

Back to Top