Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-02-21
Med.
2020-02-20
High
Med.
Med.
High
High
Low
2020-02-19
Med.
Low
Low
Med.
Low
Low

The latest CVEs

2020-02-21
CVE-2020-5534
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2020-5533
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5525
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
CVE-2020-5524
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
CVE-2016-4606
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
CVE-2014-7914
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
2020-02-20
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
CVE-2020-8601
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
CVE-2020-5243
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted l...
CVE-2020-5242
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls.

Dorks

2020-02-21
Med.
Pengadilan Negeri Sidrap - SQL Injection
intext:"Pengadilan Negeri Sidrap"
Light Cyber Indonesia
2020-02-20
High
Techoriginator - Bypass admin
"Designed by Techoriginator"
Xplo5ionS
Med.
Rainhopes - Bypass admin with Noredirect
"Powered by Rainhopes"
Xplo5ionS
2020-02-19
Med.
Komquest Solutions - SQL Injection & Bypass admin Noredirect
"Powered by Komquest Solutions" ===================================================================================
Xplo5ioNS
Low
WordPress Fruitful 3.8 Cross Site Scripting
intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply"
AmirMohammad Safari

Copyright 2020, cxsecurity.com

 

Back to Top