Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2019-05-21
Med.
Med.
Med.
Med.
Med.
Med.
Med.
Low
Med.
Med.
Med.
Med.
Med.

The latest CVEs

2019-05-21
CVE-2019-10320
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
CVE-2019-10319
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.
2019-05-20
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
CVE-2019-12241
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
CVE-2019-12240
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
CVE-2019-12239
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2019-10078
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVE-2019-10077
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10076
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-8352
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

Dorks

2019-05-21
Med.
Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion
intext:Copyright © 2012 Schwabe Slovakia s.r.o., webdesign studio nandu
KingSkrupellos
Med.
ImgHosting 1.3 Sql Injection Vulnerability
"ImgHosting Programming by FoxSash"
indoushka
Med.
Irantechnologhy IRANIAN CMS SQL injection
[intext:"By Irantechnologhy" inurl:*id=] & [intext:"ایران تکنولوژی" inurl:*id=]
S I R M A X
Med.
Netvidade Portugal Unauthorized File Insertion
intext:Desenvolvido por netvidade.com site:pt
KingSkrupellos
2019-05-20
Med.
phpKF 1.10 XSS / CSRF / SQL Injection
Yazılım: phpKF © 2007-2019
Ahmethan Gultekin

Copyright 2019, cxsecurity.com

 

Back to Top