Welcome to cxsecurity. enjoy


The latest CVEs

2020-01-21
CVE-2020-7470
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password).
CVE-2019-3864
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
CVE-2019-14767
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.
CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.
CVE-2012-5190
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
CVE-2011-5282
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.
CVE-2011-4322
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
CVE-2011-4095
Jara 1.6 has an XSS vulnerability

Dorks

2020-01-21
Med.
Built with WordPress and WP FanZone Themes 3.1 SQL Injection
Built with WordPress and WP FanZone site:ca
KingSkrupellos
Low
Dokuz Eylül University Computer Department reflected XSS
intext:csc.deu.edu.tr
Furkan Özer
2020-01-20
Med.
İstanbul Technical University Ottoman Architecture Texts Archives SQL Injection
Osmanlı Mimarlık Metinleri Arşivi site:itu.edu.tr
KingSkrupellos
Med.
Powered by myIT-School Education System HongKong XSS SQL Injection
inurl:/it-school/php/webcms/public/ site:edu.hk
KingSkrupellos
Low
İzmir University of Economics XSS
site:ieu.edu.tr -www
Furkan Özer

Copyright 2020, cxsecurity.com

 
