Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-08-01
Med.
Low
Med.
Low
Med.
Low
2021-07-30
Low
Med.
Med.
Med.
Low
Med.
High

The latest CVEs

2021-08-02
CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.
CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for various problematic OSWorkflow classes to be used a...
CVE-2021-35477
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
2021-08-01
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS comma...
2021-07-31
CVE-2021-37759
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI. The XXE can then be triggered at a admin/...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

Dorks

2021-08-01
Med.
Relieve Marketing y Web Sql Injection Vulnerability
"Created by Obra soft"
behrouz mansoori
2021-07-28
Med.
TripSpark VEO Transportation SQL Injection
inhtml:"Student Busing Information"
Sedric Louissaint
2021-07-27
Med.
Better Proposals: Online Proposal Software | SQL Injection
.php?id= betterproposals.io
0x01369
2021-07-26
Med.
Schoolsindia SQL Injection
intext:"Powered by Schoolsindia"
h4shur
2021-07-24
Med.
hamayeshnegar CMS 10.0.5 - Authentication Bypass
intext:"طراحی و پیاده سازی شده توسط : همایش نگار (ویرایش 10.0.5)"
Aryan Chehreghani

Copyright 2021, cxsecurity.com

 

Back to Top