Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-10-26
Low
Med.
Med.
Med.
2020-10-25
High
Med.
Med.
Med.
Med.
2020-10-24
Low
Low
2020-10-23
High
High

The latest CVEs

2020-10-26
CVE-2020-27743
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
CVE-2020-26879
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScri...
CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
CVE-2020-25034
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.
CVE-2020-15274
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by pro...
CVE-2020-15272
In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has been patched in version 1.0.1. If you don't use the `tag` input you are mo...
CVE-2020-15271
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme...

Dorks

2020-10-26
Med.
WordPress Plugin Rest Google Maps < 7.11.18 SQL Injection( CVE-2019-10692 )
inurl:index.php?rest_route=3D/wpgmza/
Jonatas Fil
Med.
MEGGIESCHNEIDER - SQL Injection vulnerability
"Powered by Meggieschneider"
Mahdi Karimi
2020-10-25
High
icewarp webmail 11.4.5.0 exploit
inurl:/webmail/ intext:Powered by IceWarp Server
0x94
Med.
Powered by Shambhala.Travel - SQL Injection vulnerability
"Powered by Shambhala.Travel"
behrouz mansoori
Med.
webinnovation - SQL Injection vulnerability
"site designed by webinnovation.net"
behrouz mansoori

Copyright 2020, cxsecurity.com

 

Back to Top