Welcome to cxsecurity. enjoy


The latest CVEs

2020-12-03
CVE-2020-28939
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.
CVE-2020-28938
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
CVE-2020-28937
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2323
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
CVE-2020-2322
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.
CVE-2020-2321
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.
CVE-2020-2320
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.
CVE-2020-14318
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
CVE-2020-6111
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet c...

Dorks

2020-12-03
Med.
ООО "СУ-3" - компания sql injection
intext:"ООО "СУ-3" - компания"
OmideMehraban
2020-12-01
High
Rejetto HttpFileServer 2.3.x Remote Command Execution (CVE-2014-6287)
intext:"httpfileserver 2.3"
Oscar Andreu
2020-11-30
Med.
YATinyWinFTP Denial of Service (PoC)
None
strider
2020-11-28
Med.
Star Web Maker Sql Injection Vulnerability
"Designed by Star Web Maker"
behrouz mansoori
Med.
Stealth Media Ltd Sql Injection Vulnerability
"Website Designed & Developed By Stealth Media Ltd."
behrouz mansoori

Copyright 2020, cxsecurity.com

 
