
The latest CVEs

2021-10-18
CVE-2021-38297
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-36097
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
CVE-2021-42565
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVE-2021-42566
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-38562
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2021-41611
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hij...
2021-10-16
CVE-2018-16060
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVE-2018-16061
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
2021-10-15
CVE-2021-27561
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2020-4951
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

Dorks

2021-10-17
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coder Hunter
2021-10-14
Low
Logitech Media Server 8.2.0 Cross Site Scripting
Search Logitech Media Server
Mert Das
2021-10-13
Low
Sonicwall SonicOS 7.0 Host Header Injection (CVE-2021-20031)
inurl:"auth.html" intitle:"SonicWall"
Ramikan
2021-10-11
Med.
WordPress Pie Register 3.7.1.4 Privilege Escalation
inurl:/plugins/pie-register/
Lotfi13-DZ
Med.
Developed by VSFB DEVELOPERS ZONE - Sql Injection Vulnerability
"Website Developed by VSFB DEVELOPERS ZONE PVT. LTD."
behrouz mansoori

Copyright 2021, cxsecurity.com

 
