Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2020-08-06
High
High
Med.
2020-08-04
Low
Med.
Med.
Low
Med.
High
Med.
Low
High
2020-08-03
Med.

The latest CVEs

2020-08-05
CVE-2020-9036
Jeedom through 4.0.38 allows XSS.
CVE-2020-17366
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party...
CVE-2020-7298
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
CVE-2020-16254
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
CVE-2020-15132
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attacker...
CVE-2020-15127
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which remove...
CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a g...
CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
CVE-2020-13404
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.
CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryin...

Dorks

2020-08-06
Med.
IdeKode Local File Inclusion
inurl:link=page/berita.php
Xmall75
2020-08-04
Med.
Seabreeze Consulting – SQL Injection vulnerability( Multiple CVE )
"Seabreeze Consulting"
behrouz mansoori
2020-08-03
Med.
Tycoon Pacific – SQL Injection vulnerability
"Designed by Tycoon Pacific"
behrouz mansoori
Med.
Design by fajri.com – SQL Injection vulnerability
"Design by fajri.com"
behrouz mansoori
Med.
Opulent Solutions Design Default Admin Password
"Website Designed & Developed By Opulent Solutions."
behrouz mansoori

Copyright 2020, cxsecurity.com

 

Back to Top