Welcome to cxsecurity. enjoy


The latest CVEs

2019-09-15
CVE-2019-16321
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
CVE-2019-16320
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
CVE-2019-16319
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
2019-09-14
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16317
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
CVE-2019-16314
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
CVE-2019-16312
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
CVE-2019-16311
NIUSHOP V1.11 has CSRF via search_info to index.php.
CVE-2019-16310
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.

Dorks

2019-09-15
Med.
Cabrera Propiedades (Blind SQL Injection)
"inurl:php?id= site:ar intext:propiedades"
intrackeable
2019-09-14
Med.
La Paz Shopping (SQL Injection / XSS Reflected)
"inurl:.php?id= site:.ar intext:shopping"
intrackeable
2019-09-13
Med.
Laprida Gobierno Municipal (SQL Injection)
"inurl:.php?id= site:.gov.ar"
intrackeable
2019-09-12
Med.
by Logic Indo Solution Bypass Admin Login
intext:"Supported by Logic Indo Solution © 2019"
Mr.X98
Med.
Turkish Real Estate Sites Sql İnjection
inurl:template/default/print.php?id=
efeb3y

Copyright 2019, cxsecurity.com

 
