Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-07-04
Med.
Med.
High
High
Med.
Med.
2020-07-03
High
Low
High
2020-07-02
Med.
Med.
Med.
Med.

The latest CVEs

2020-07-05
CVE-2020-15530
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic lo...
CVE-2020-15529
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.
CVE-2020-15528
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.
2020-07-04
CVE-2020-15523
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CAN...
2020-07-03
CVE-2020-7284
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
CVE-2020-7283
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
CVE-2020-7282
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
CVE-2020-7281
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
CVE-2020-10282
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source m...
CVE-2020-10281
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing po...

Dorks

2020-07-04
Med.
EATAN – SQL Injection vulnerability( Multiple CVE )
"Designed by 易透網"
Mostafa Farzaneh
Med.
MOBOTIX Live camera Vulnerability
inurl:"/control/userimage.html"
h4shur
High
ZenTao Pro 8.8.2 - Command Injection Dork
inurl:"/zentao/user-login.html"
X0P4SH4
2020-07-02
Med.
DataSoft Forum TR SQL Injection
inurl:forumdisplay.php?fid= "DataSoft"
blackh4wk
Med.
Everywhere – SQL Injection vulnerability( Multiple CVE )
"Design by Everywhere"
Mostafa Farzaneh

Copyright 2020, cxsecurity.com

 

Back to Top