Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-12-04
Med.
Med.
Low
Med.
Med.
High
High
Low
High
2019-12-03
High
Med.
High
High

The latest CVEs

2019-12-05
CVE-2012-1592
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVE-2019-16770
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-16769
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expression...
CVE-2019-16768
Exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presente...
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
CVE-2019-7195
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Dorks

2019-12-02
Low
Superlist - Directory WordPress Theme v2.9.2 Persistent XSS
/wp-content/themes/superlist/
SubversA
2019-12-01
Med.
Avanthi Group Admin Page Bypass
inurl: "/login.php" Avanthi Group
Moeein Seven
2019-11-30
Med.
Italian Hotels Blind SQL Injection vulnerability
inurl:camere-dettaglio.php?id= site:.it
H9xHacker
2019-11-29
Low
ListingPro - WordPress Directory Theme v2.0.14.2 Reflected & Persistent XSS
/wp-content/themes/listingpro/
SubversA
Med.
alfacommunication.it SQL Injection vulnerability
inurl:detail.php?id= site:.it
H9xHacker

Copyright 2019, cxsecurity.com

 

Back to Top