

The latest CVEs

2021-05-06
CVE-2020-18888
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.
CVE-2020-18890
Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user get a shell via /admin/functions.php.
CVE-2021-31828
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
CVE-2019-25043
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVE-2021-28151
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon vi...
CVE-2020-18889
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
CVE-2021-28150
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
CVE-2021-31918
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.

Dorks

2021-05-05
High
Ghostcat Vulnerability Remote Code Execution (CVE-2020-1938)
python3 ajpshooter.py IP:ApachePort AjpPort /file/location read/eval
Chaitin Tech
2021-05-04
Med.
ILDIS v2 Applications Multiple Vulnerabilities
intitle:Signin | ILDIS JDIHN
KimiHmei7
2021-05-03
Med.
Technical Assistance explore IT Sql Injection Vulnerability
"Technical Assistance explore IT"
behrouz mansoori
2021-04-28
Low
Dulux - Html Injection Vulnerability
inurl : dulux site:.
Hz3666Ghost
2021-04-20
Med.
Irandesign.ir CMS SQL Injection
intext:"طراحی سایت توسط ایران دیزاین"
K0uR0sH3R

Copyright 2021, cxsecurity.com

 
