Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-11-26
High
Med.
Med.
Med.
High
Med.
2020-11-25
Low
Med.
Med.
High
Low
Med.
High

The latest CVEs

2020-11-26
CVE-2020-7779
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
CVE-2020-27255
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR)...
CVE-2020-27253
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.
CVE-2020-27251
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
CVE-2020-25653
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confid...
CVE-2020-25652
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of s...
CVE-2020-25651
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confide...
2020-11-25
CVE-2020-29074
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

Dorks

2020-11-26
Med.
MASTER TECNOLOGIA - Sql Injection Vulnerability
"Powered By Trynet Solutions"
behrouz mansoori
2020-11-24
Med.
Powered By Trynet Solutions Sql Injection Vulnerability
"Powered By Trynet Solutions"
behrouz mansoori
Med.
CyberDairy Solutions Sql Injection Vulnerability
"Designed by Star Web Maker"
behrouz mansoori
2020-11-23
Med.
Waters Computer Consultants Sql Injection Vulnerability
"Website by Waters Computer Consultants"
behrouz mansoori
Med.
Developed By Click Informatics - Sql Injection Vulnerability
"Developed By Click Informatics"
behrouz mansoori

Copyright 2020, cxsecurity.com

 

Back to Top