Welcome to cxsecurity. enjoy


The latest CVEs

2019-09-14
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16317
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
CVE-2019-16314
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
CVE-2019-16312
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
CVE-2019-16311
NIUSHOP V1.11 has CSRF via search_info to index.php.
CVE-2019-16310
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.
CVE-2019-16309
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
CVE-2019-16307
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
CVE-2019-16294
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

Dorks

2019-09-15
Med.
Cabrera Propiedades (Blind SQL Injection)
"inurl:php?id= site:ar intext:propiedades"
intrackeable
2019-09-14
Med.
La Paz Shopping (SQL Injection / XSS Reflected)
"inurl:.php?id= site:.ar intext:shopping"
intrackeable
2019-09-13
Med.
Laprida Gobierno Municipal (SQL Injection)
"inurl:.php?id= site:.gov.ar"
intrackeable
2019-09-12
Med.
by Logic Indo Solution Bypass Admin Login
intext:"Supported by Logic Indo Solution © 2019"
Mr.X98
Med.
Turkish Real Estate Sites SQL Injection
inurl:template/default/print.php?id=
efeb3y

Copyright 2019, cxsecurity.com

 
