Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2018-10-22
Med.
Med.
Med.
Med.
Med.
Low
Med.
Med.
Med.
Med.
Low
Low
Low

The latest CVEs

2018-10-22
CVE-2018-18583
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap.
CVE-2018-18582
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette.
CVE-2018-18581
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c.
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
CVE-2018-13115
Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.
CVE-2018-13114
Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.
CVE-2018-15704
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
CVE-2018-15703
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
CVE-2018-12246
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy ...

Dorks

2018-10-22
Med.
Powered By iByte Solutions - SQL Injection
intext:"Powered By iByte Solutions"
iKAM
Med.
Powered By Magical Cloud - SQL Injection
intext:"Powered By Magical Cloud"
iKAM
Med.
Powered By AryaNet - SQL Injection
intext:"by AryaNet" inurl:".php?id="
iKAM
2018-10-20
Med.
جميع الحقوق محفوظة لمعهد صناعة الحياة للتدريب والاستشارات © 2018 SQL Injection Vulnerability
intext:جميع الحقوق محفوظة لمعهد صناعة الحياة للتدريب والاستشارات © 2018 inurl:abroad/page.php?cid=
Rednofozi
2018-10-17
Med.
Heatmiser Wifi Thermostat 1.7 Credential Disclosure
intitle:"Heatmiser Wifi Thermostat"
d0wnp0ur

Copyright 2018, cxsecurity.com

 

Back to Top