Latest CVE

2022-09-28
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
CVE-2022-38699
Armoury Crate Service's logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
CVE-2022-39029
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information.
CVE-2022-39030
Smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information.
CVE-2022-39031
Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only.
CVE-2022-39032
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service.
CVE-2022-39033
Smart eVision's file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service.
CVE-2022-39034
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.
CVE-2022-39035
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
CVE-2022-39053
Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.

Dorks

2022-09-25
Low
WordPress WP-UserOnline 2.88.0 Cross Site Scripting (CVE-2022-2941)
inurl:/wp-content/plugins/wp-useronline/
UnD3sc0n0c1d0
2022-09-22
High
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
intext:"Wallpaper Admin" "LOGIN" "password" "Username"
Edd13Mora
2022-09-15
Low
Genesys PureConnect - Interaction Web Tools XSS (CVE-2022-37775)
inurl:"/I3Root/chatOrCallback.html"
Jake Murphy - Echelon Risk...
2022-09-13
Med.
Equitysoft Technologies Pvt Ltd - SQL Injection Vulnerability
"Equitysoft Technologies Pvt Ltd"
MR.$UD0
Med.
kansascitynova - Sql Injection Vulnerability
"Designed by kansascitynova"
Security Guard

Copyright 2022, cxsecurity.com