

The latest CVEs

2019-05-21
CVE-2019-12253
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
CVE-2019-12250
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
CVE-2019-10320
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
CVE-2019-10319
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.
2019-05-20
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfSense before 2.4.4-p3, allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
CVE-2019-12241
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
CVE-2019-12240
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
CVE-2019-12239
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2019-10078
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

Dorks

2019-05-21
Med.
Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion
intext:Copyright © 2012 Schwabe Slovakia s.r.o., webdesign studio nandu
KingSkrupellos
Med.
ImgHosting 1.3 Sql Injection Vulnerability
"ImgHosting Programming by FoxSash"
indoushka
Med.
Irantechnologhy IRANIAN CMS SQL injection
[intext:"By Irantechnologhy" inurl:*id=] & [intext:"ایران تکنولوژی" inurl:*id=]
S I R M A X
Med.
Netvidade Portugal Unauthorized File Insertion
intext:Desenvolvido por netvidade.com site:pt
KingSkrupellos
2019-05-20
Med.
phpKF 1.10 XSS / CSRF / SQL Injection
Yazılım: phpKF © 2007-2019
Ahmethan Gultekin

Copyright 2019, cxsecurity.com

 
