
The latest CVEs

2019-05-18
CVE-2019-12173
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
2019-05-17
CVE-2019-12172
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for cod...
CVE-2019-12168
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-8339
An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and falco-probe.ko) mishandles a free space calculation.
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
CVE-2019-11644
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their pr...
CVE-2019-12161
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
CVE-2019-12160
GoHTTP through 2017-07-25 has a sendHeader use-after-free.
CVE-2019-12159
GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.

Dorks

2019-05-18
Med.
Ministryfocusets SQL Injection
intitle:"Ministry Focus ETS" id=
Cerkuday
Med.
Powered by Adox Solutions SQL INJECTION
intext:"Powered by Adox Solutions"
blackpetya
2019-05-17
Med.
BabyLYK SQL Injection
intext:"Website design A & H Design 2 Print & Web" id=
Cerkuday
Med.
Abstract of New Technology SQL Injection
intitle:"Abstract of New Technology" id=
Cerkuday
Med.
פלדות אלגר בנגב SQL Injection
intitle:פלדות אלגר בנגב cat=8&id_category=15
Cerkuday

Copyright 2019, cxsecurity.com

 
