
The latest CVEs

2022-10-01
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-34428
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
CVE-2022-39268
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. Patch: Upgrade to v2022.09.10...
2022-09-30
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVE-2022-40944
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
CVE-2022-41870
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
CVE-2022-41975
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
CVE-2021-36865
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.
CVE-2022-20662
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a s...

Dorks

2022-09-25
Low
WordPress WP-UserOnline 2.88.0 Cross Site Scripting (CVE-2022-2941)
inurl:/wp-content/plugins/wp-useronline/
UnD3sc0n0c1d0
2022-09-22
High
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
intext:"Wallpaper Admin" "LOGIN" "password" "Username"
Edd13Mora
2022-09-15
Low
Genesys PureConnect - Interaction Web Tools XSS (CVE-2022-37775)
inurl:"/I3Root/chatOrCallback.html"
Jake Murphy - Echelon Risk...
2022-09-13
Med.
Equitysoft Technologies Pvt Ltd - SQL Injection Vulnerability
"Equitysoft Technologies Pvt Ltd"
MR.$UD0
Med.
kansascitynova - Sql Injection Vulnerability
"Designed by kansascitynova"
Security Guard

Copyright 2022, cxsecurity.com

 
