Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2018-12-15
High
High
High
Low
Low
Low
Med.
2018-12-14
Med.
Med.
High
High
2018-12-13
Med.
Med.

The latest CVEs

2018-12-15
CVE-2018-20161
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app...
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted ...
2018-12-14
CVE-2018-20157
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
CVE-2018-20155
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.
CVE-2018-20154
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20153
In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-20152
In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20151
In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
CVE-2018-20150
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Dorks

2018-12-15
Med.
designed and developed by : japno IT department " SQL Injection "
"designed and developed by : japno IT department "
Bl4ck M4n
2018-12-13
Med.
WordPress JoeBooking Plugins 6.6.5 Database Backup Disclosure
inurl:''/wp-content/plugins/joebooking/''
KingSkrupellos
Med.
WordPress MagicMembers Plugins 1.0 Database Backup Disclosure
inurl:''/wp-content/plugins/magicmembers/core/libs/''
KingSkrupellos
Med.
WordPress TimeTable Responsive Schedule Plugins 5.4 Database Backup Disclosure
inurl:''/wp-content/plugins/timetable/dummy-content-files/''
KingSkrupellos
2018-12-12
Med.
Bangladesh Educational School & College Admin Panels
admin/login
Maruf Sakirim

Copyright 2018, cxsecurity.com

 

Back to Top