The latest CVEs

2019-04-20
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11373
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11372
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11366
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tft...
CVE-2019-11365
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, spe...
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI.
CVE-2019-11359
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

Dorks

2019-04-21
Med.
Thailand Government CityVariety Corporation Error Based SQL Injection - Arbitrary File Download
intext:Powered By CityVariety Corporation site:go.th
KingSkrupellos
2019-04-20
Med.
LivroreClamacoes Grupo Ajulio Portugal SQL Injection
intext:Desenvolvido por AJTEC © 2018 Grupo AJúlio
KingSkrupellos
Med.
CyberDairy Solutions SQLi
".php?id=" "Powered by CyberDairy Solutions"
ABDO10
Med.
lai_nassim Design - Admin Panel Bypass & SQLi
allintext:": lai_nassim@hotmail.fr"
ABDO10
2019-04-19
Med.
Netcodes Technologies login bypass
allintext:"Design & Developed by Netcodes Technologies"
ABDO10

Copyright 2019, cxsecurity.com
