Welcome to cxsecurity. enjoy
The latest CVEs

2018-10-21
CVE-2018-18546
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
CVE-2018-18545
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
CVE-2018-18544
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16.
2018-10-20
CVE-2018-18541
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL.
2018-10-19
CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-18428
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
CVE-2018-18420
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
CVE-2018-18419
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
CVE-2018-18417
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.

Dorks

2018-10-20
Med.
"All rights reserved to the Life Industry Institute for Training and Consulting © 2018" SQL Injection Vulnerability
intext:جميع الحقوق محفوظة لمعهد صناعة الحياة للتدريب والاستشارات © 2018 inurl:abroad/page.php?cid=
Rednofozi
2018-10-17
Med.
Heatmiser Wifi Thermostat 1.7 Credential Disclosure
intitle:"Heatmiser Wifi Thermostat"
d0wnp0ur
2018-10-16
Med.
Webmaster Atom Computer Software Counselling Improper Access Control Vulnerability
intext:''Webmaster Atom Bilgisayar Yazılım Danışmanllık'' site:meb.gov.tr
KingSkrupellos
Med.
PROGRAMERS SQL Injection Vulnerability
"Developed by PROGRAMERS"
Mr Hashtag
2018-10-15
Low
Summernote Cross Site Scripting ( XSS ) Vulnerability
inurl:/summernote.php editor
0N3R1D3R

Copyright 2018, cxsecurity.com

 
