Welcome to cxsecurity. enjoy


The latest CVEs

2018-09-23
CVE-2018-17404
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.
CVE-2018-17403
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge.
CVE-2018-17402
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number.
CVE-2018-17401
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.
CVE-2018-17400
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.
CVE-2018-17369
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
CVE-2018-17368
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-17407
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
CVE-2018-17366
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.

Dorks

2018-09-23
Med.
Designed & Developed by Brigadasoft Authentication Bypass Vulnerability
intext:''Designed & Developed by Brigadasoft''
KingSkrupellos
Med.
StNetwoork 3.0 Backdoor Account Vulnerability
"Diseño y Desarrollo CORPORACIÓN M&M"
indoushka
Med.
Developed By RKV IT Solutions Pvt. Ltd India Authentication Bypass Vulnerability
intext:''Developed By : RKV IT Solutions Pvt. Ltd''
KingSkrupellos
Med.
izeneth SQL Injection Vulnerability
"Powered by iZeneth Innovative Technologies"
MR Hashtag
2018-09-22
Low
StNetwoork 3.0 XsS Vulnerability
"Diseño y Desarrollo CORPORACIÓN M&M"
indoushka

Copyright 2018, cxsecurity.com

 
