Welcome to cxsecurity. enjoy


The latest CVEs

2020-08-14
CVE-2020-17475
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
CVE-2020-9767
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.
CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
CVE-2015-8033
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
CVE-2015-8032
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
CVE-2020-9708
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

Dorks

2020-08-14
Low
vabase – Cross Site Scripting vulnerability (XSS)
"Powered & Designed by vaBase.com"
Mostafa Farzaneh
2020-08-12
Med.
TRMH - SQL Injection vulnerability
more_details.php?id=
Mahdi Karimi
2020-08-11
Med.
Astronim Belarus gov CMS SQLi XSS
"Дизайн и программирование” astronim
BlackHasan
2020-08-10
Med.
IDS – SQL Injection vulnerability
"Designed and Developed By IDS"
behrouz mansoori
2020-08-09
Med.
IRIran – SQL Injection vulnerability (Multiple CVE)
"Powered By: IRIran.net"
behrouz mansoori

Copyright 2020, cxsecurity.com

 
