Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2021-10-21
Med.
Low
Med.
Med.
2021-10-20
Med.
Med.
2021-10-18
High
High
Low
Med.
2021-10-17
Low
Med.
Low

Ostatnie CVE

2021-10-22
CVE-2021-31682
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the ...
CVE-2021-35230
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
CVE-2021-38449
Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product.
CVE-2021-38451
The affected product??s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
CVE-2021-38453
Some API functions allow interaction with the registry, which includes reading values as well as data modification.
CVE-2021-38455
The affected product??s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.
CVE-2021-38457
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.
CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
CVE-2021-38461
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

Dorks

2021-10-20
Med.
Optijet School Management System - Blind SQL Injection (Unauthenticated)
"okulsonuc.com"
MaliciousFolder
Med.
SonicWall SMA 10.2.1.0-17sv Password Reset( CVE-2021-20034 )
https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
Jacob Baines
2021-10-18
Med.
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference( CVE-2021-41382 )
title:"Plastic SCM"
Basavaraj Banakar
2021-10-17
Med.
Code For Share | SQL Injection Vulnerability
ip:54.162.128.250 .php?id=
Coder Hunter
2021-10-14
Low
Logitech Media Server 8.2.0 Cross Site Scripting
Search Logitech Media Server
Mert Das

Copyright 2021, cxsecurity.com

 

Back to Top