
The latest CVEs

2020-08-10
CVE-2020-8229
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVE-2020-8224
A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.
CVE-2020-6145
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-6070
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
CVE-2020-13294
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
CVE-2020-13292
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
CVE-2020-4541
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039.
CVE-2020-4539
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Dorks

2020-08-10
Med.
IDS – SQL Injection vulnerability
"Designed and Developed By IDS"
behrouz mansoori
2020-08-09
Med.
IRIran – SQL Injection vulnerability (Multiple CVE)
"Powered By: IRIran.net"
behrouz mansoori
Med.
Impression Technologies – SQL Injection vulnerability (Multiple CVE)
"Website | Impression Technologies"
behrouz mansoori
Med.
AEM Solutions – SQL Injection vulnerability
"Design & Devloped By:AEM Solutions"
behrouz mansoori
2020-08-07
Med.
IBSmng 1.24 - 'id' SQL Injection (Authenticated)
inurl:index.php inurl:group= inurl:mode=auto
Ultra Security Team

Copyright 2020, cxsecurity.com

 
