Welcome to cxsecurity. enjoy

The latest CVEs

2018-10-15
CVE-2018-18260
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.
CVE-2018-18259
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page.
CVE-2018-17980
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local...
CVE-2018-17534
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
CVE-2018-17533
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
CVE-2018-17532
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
CVE-2018-15540
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
CVE-2018-15538
Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.
CVE-2018-12154
Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access.

Dorks

2018-10-15
Low
Summernote Cross Site Scripting ( XSS ) Vulnerability
inurl:/summernote.php editor
0N3R1D3R
Med.
Seawind Solution SQL Injection
intext:Website Design & Developed By Seawind Solution Pvt. Ltd. inurl:.php?id=
Azerbaijan Cyber Army
2018-10-13
Med.
Design by Koncepts SQL Injection Vulnerability
"Design by Koncepts"
Iran Cyber Security Group
Med.
Đăng nhập Arbitrary File Upload
intext:Đăng nhập. Xác nhận. inurl:/xadmin
0N3R1D3R
2018-10-10
Med.
CustomPublish CMS - Login Admin panel Page Bypass
inurl:/admin/login.php and intitle:"CustomPublish CMS"
Inj3ct0r

Copyright 2018, cxsecurity.com