Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-10-16
High
Med.
Med.
Med.
Low
2019-10-15
Med.
Low
High
Med.
Med.
Low
Med.
Med.

The latest CVEs

2019-10-16
CVE-2019-4031
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.
CVE-2019-17627
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other l...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
CVE-2019-17625
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attr...
CVE-2019-17624
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2019-13392
A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any s...
CVE-2016-11016
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.
CVE-2016-11015
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
CVE-2016-11014
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
2019-10-15
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter.

Dorks

2019-10-16
Med.
Made in Globopex Bypass Sql Login
intext:"Made in Globopex"
MR.5T1Y0
2019-10-13
Med.
iPOT Technologies Bypass Admin
intext:"Powered by iPOT Technologies."
MR.5T1Y0
Med.
Neha Web Solutions Multiple vulnerabilities
intext:"Powered by Neha Web Solutions"
MR.5T1Y0
2019-10-12
Med.
Siteni Hazırla CMS - Local File Inclusion
Index of /sh-cdn/
z3r0fy
2019-10-11
Med.
Moduliti Creation De Site İnternet Professionnel XSS SQL Injection
/catalogueproduit.php? intext:Location de sites Web avec la solution Moduliti
KingSkrupellos

Copyright 2019, cxsecurity.com

 

Back to Top