Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-03-18
Low
Low
Low
Low
Low
Low
Low
Low
Low
Med.
Med.
Med.
Med.

The latest CVEs

2019-03-18
CVE-2019-6149
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
2019-03-17
CVE-2018-20806
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
2019-03-15
CVE-2019-5616
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
CVE-2018-18205
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.
CVE-2018-17956
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list
CVE-2018-17955
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
CVE-2018-17882
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.
CVE-2019-9835
The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

Dorks

2019-03-18
Low
WordPress 5.0.4 Zangai Themes Open Redirection
inurl:"/wp-content/themes/zangai/"
KingSkrupellos
Med.
WordPress 5.0.4 FormCraft Plugins 2.0 CSRF Backdoor Access Vulnerability
inurl:''/wp-content/plugins/formcraft/''
KingSkrupellos
Med.
WordPress 5.1.1 Liberator Themes Arbitrary File Download
inurl:"/wp-content/themes/liberator/inc/"
KingSkrupellos
Med.
WordPress 5.1.1 Green_Farming_New Themes Arbitrary File Download
inurl:''/wp-content/themes/green_farming_new/"
KingSkrupellos
Med.
WordPress 4.8.9 Rowe Themes Arbitrary File Download
inurl:''/wp-content/themes/rowe/''
KingSkrupellos

Copyright 2019, cxsecurity.com

 

Back to Top