CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-14
Low	Chyrp 2.5.2 Cross Site Scripting Ahmet Umit Bayram
Med.	82webmaster - Blind Sql Injection behrouz mansoori
Med.	Webmirchi - Blind Sql Injection behrouz mansoori
High	Backdoor.Win32.AsyncRat / Arbitrary Code Execution malvuln
High	TrojanSpy.Win64.EMOTET.A / Arbitrary Code Execution malvuln
Low	Apache mod_proxy_cluster Cross Site Scripting CVE-2023-6710 Mohamed Mounir Boudjema
Low	Leafpub 1.1.9 Cross Site Scripting Ahmet Umit Bayram
2024-05-13
Med.	Kemp LoadMaster Local sudo Privilege Escalation bwatters-r7
Med.	Panel.SmokeLoader / Cross Site Request Forgery (CSRF) - Persistent XSS malvuln
Low	Esteghlal F.C. Cross Site Scripting E1.Coders
Med.	Prison Management System SQL Injection Authentication Bypass CVE-2024-33288 Sanjay Singh
2024-05-12
High	Microsoft PlayReady Complete Client Identity Compromise Adam Gowdiak
Med.	Castel Digital Authentication Bypass CCA469

Dorks

2024-05-15
CVE-2023-40297	Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
CVE-2024-31409	Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
CVE-2024-31410	The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.
CVE-2024-31856	An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
CVE-2024-32042	The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
CVE-2024-32047	Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
CVE-2024-32053	Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.
CVE-2024-33615	A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
CVE-2024-33625	CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
CVE-2024-34025	CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.

2024-05-14
Med.	82webmaster - Blind Sql Injection "Design & Developed By: 82webmaster"	behrouz mansoori
Med.	Webmirchi - Blind Sql Injection "Powered by Webmirchi"	behrouz mansoori
2024-05-12
Med.	Castel Digital Authentication Bypass "Castel Digital"	CCA469
2024-05-06
Med.	Kobiz Design - Sql Injection "Desing by Kobiz Design Co"	behrouz mansoori
2024-05-05
Med.	Oracuz - Blind Sql Injection "Design by Oracuz"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-14

Low

Med.

Med.

High

High

Low

Low

2024-05-13

Med.

Med.

Low

Med.

2024-05-12

High

Med.

The latest CVEs

2024-05-15

Dorks

2024-05-14

Med.

Med.

2024-05-12

Med.

2024-05-06

Med.

2024-05-05

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations