Welcome to cxsecurity. enjoy

The latest CVEs

2023-12-15
CVE-2023-36878
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.
CVE-2023-42183
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.
CVE-2023-6831
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2023-6832
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-50715
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currentl...
CVE-2023-48371
ITPison OMICARD EDM's file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVE-2023-48372
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
CVE-2023-48373
ITPison OMICARD EDM has a path traversal vulnerability within its parameter "FileName" in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Dorks

2023-12-13
Med.
Webnet Digital Media - Sql Injection
"Webnet Digital Media"
behrouz mansoori
Med.
dgNet Web Design - Blind Sql Injection
"dgNet Web Design"
behrouz mansoori
2023-12-11
Med.
Marcin Woszczak - Sql Injection
"design Marcin Woszczak"
behrouz mansoori
2023-12-10
Med.
webdesign Dubai - Sql Injection
"Designed and developed by webdesign Dubai"
behrouz mansoori
2023-12-09
Med.
firstideabooks - SQL Injection vulnerability
"Powered by firstideabooks"
Mahdi Karimi

Copyright 2023, cxsecurity.com
