Welcome to cxsecurity. enjoy

The latest CVEs

2019-06-16
CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
2019-06-15
CVE-2013-7472
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12840
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12839
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12835
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaa...
CVE-2019-12830
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
CVE-2019-12829
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.
CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
2019-06-14
CVE-2019-9842
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.

Dorks

2019-06-16
Med.
Wordpress Plugins Simple-e-commerce-shopping-cart DatabaseSQL Backup Disclosure Vulnerability
inurl:/wp-content/plugins/simple-e-commerce-shopping-cart/
L4663r666h05t
Low
Demo Illustrations by Justin Mezzell reflected XSS
allintext:"Demo Illustrations by Justin Mezzell"
ABDO10
2019-06-15
Med.
Designed & Developed by Rlight NoRedirect Bypass
"Designed & Developed by Rlight"
Xplo5ionS
Med.
Cwcontrol Default Admin
inurl:/cwcontrol/
Minah.id A.k.a Dx666
Med.
Wordpress Plugins Cart66-Lite DatabaseSQL Backup Disclosure Vulnerability
"Index of /wp-content/plugins/cart66-lite/sql"
L4663r666h05t

Copyright 2019, cxsecurity.com

 
