Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-07-24
Med.
Med.
2021-07-23
Med.
Med.
High
High
Low
2021-07-22
Med.
2021-07-21
High
Low
Med.
High
Low

The latest CVEs

2021-07-24
CVE-2021-32686
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no grou...
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the exis...
CVE-2020-20741
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.
CVE-2021-25808
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2021-25809
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
CVE-2021-3169
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
2021-07-23
CVE-2021-25790
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
CVE-2021-25791
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVE-2021-23412
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
CVE-2021-25201
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.

Dorks

2021-07-24
Med.
hamayeshnegar CMS 10.0.5 - Authentication Bypass
intext:"طراحی و پیاده سازی شده توسط : همایش نگار (ویرایش 10.0.5)"
Aryan Chehreghani
2021-07-23
Med.
Design & Developed By Sial Web - Html Injection
intext:"Design & Developed By Sial Web"
YangMangChun
High
Microsoft SharePoint Server 2019 Remote Code Execution (2)( CVE-2020-1147 )
inurl:quicklinks.aspx
West Shepherd
2021-07-22
Med.
Design & Developed By Nice Techno - Sqli
intext:"Design & Developed By Nice Techno" and inurl:?id=
YangMangChun
2021-07-21
Med.
Bluetooth Low Energy (BLE) USB Dongle | SQL Injection
.php?id= bleuio
0x01369

Copyright 2021, cxsecurity.com

 

Back to Top