Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-05-24
Med.
Low
Med.
2019-05-23
Med.
High
High
High
Med.
Low
Med.
Low
Low
Low

The latest CVEs

2019-05-24
CVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the mem...
CVE-2018-12624
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
CVE-2017-18375
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
CVE-2016-10759
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
CVE-2016-10757
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
CVE-2016-10756
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
CVE-2016-10755
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

Dorks

2019-05-23
Med.
Разработка сайта Artonica Russia Unauthorized File Insertion
intext:Разработка сайта: Artonica site:ru
KingSkrupellos
Med.
Web80.ir SQL INJECTION
site:web80.ir inurl:/File/post/index.php?id=
Bl4ckNiGth
Med.
WordPress 4.6.12 PHPL Plugins 1.0 Open Redirection
inurl:/wp-content/plugins/phpl/
KingSkrupellos
Low
WordPress 5.2.1 Dankov Planer Themes 1.1.2 Open Redirection
inurl:/wp-content/themes/planer/
KingSkrupellos
Low
WordPress 4.9.10 Aliyun Themes 5.2 Open Redirection
inurl:/wp-content/themes/aliyun/inc/
KingSkrupellos

Copyright 2019, cxsecurity.com

 

Back to Top