Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2018-12-12
Med.
Med.
Low
Med.
High
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Med.

The latest CVEs

2018-12-12
CVE-2018-20099
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-20098
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-20097
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-20096
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-20095
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.
CVE-2018-20094
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.
CVE-2018-18397
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
2018-12-11
CVE-2018-8652
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.
CVE-2018-8651
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
CVE-2018-8649
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 10, Windows Server 2019.

Dorks

2018-12-12
Med.
Joomla Com_Acymailing Components 2.0.0 Database Backup Disclosure
inurl:''/administrator/components/com_acymailing/''
KingSkrupellos
Med.
Digitkart Multivendor Digital Products Marketplace V3.0 Backdoor Account Vulnerability
All Rights Reserved. Designed by Avigher "login"
indoushka
Med.
Wordpress theme cameleon arbitrary file upload
inurl:/wp-content/themes/cameleon
Security007
Med.
WordPress WP-Syntax Download Extension Plugins 1.1.1 Database Backup Disclosure
inurl:''/wp-content/plugins/wp-syntax-download-extension/''
KingSkrupellos
Med.
WordPress Simple-E-Commerce-Shopping-Cart Plugins 2.2.5 Database Backup Disclosure
inurl:''/wp-content/plugins/simple-e-commerce-shopping-cart/''
KingSkrupellos

Copyright 2018, cxsecurity.com

 

Back to Top