Welcome to cxsecurity. enjoy


The latest CVEs

2018-11-12
CVE-2018-19229
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
CVE-2018-19228
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
CVE-2018-19227
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
CVE-2018-19226
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
CVE-2018-19225
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVE-2018-19224
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
CVE-2018-19223
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVE-2018-19222
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVE-2018-19221
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19220
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.

Dorks

2018-11-12
Med.
Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability
intext:''Powered by Dimofinf cms Version 4.0.0'' site:gov.sa
KingSkrupellos
Med.
Design and Developed by TechSparkIT Limited Bangladesh Education Unauthorized Insert File Vulnerability
intext:''Design and Developed by : TechSparkIT Ltd.'' site:edu.bd
KingSkrupellos
Med.
Design & Develop by Mahamud Bangladesh Education Unauthorized Arbitrary Insert File Vulnerability
intext:''Design & Develop by Mahamud.'' site:edu.bd
KingSkrupellos
2018-11-10
Med.
WB4Host Saudi Arabia Hosting Company النطاق الواسع للاستضافة SQL Injection Vulnerability
intext:''النطاق الواسع للاستضافة'' site:sa
KingSkrupellos
Med.
Sadv.Com.Sa Hosting شعوب المتقدمة Shooub Adv CMS V.1 SQL Injection Vulnerability
intext:''© جميع الحقوق محفوظة لشركة شعوب المتقدمة'' site:sa
KingSkrupellos

Copyright 2018, cxsecurity.com

 
