cxsecurity.com (2a06:98c1:3120::3) - Public Scan

Submitted URL: http://cxsecurity.com/
Effective URL: https://cxsecurity.com/
Submission Tags: tranco_l324
Submission: On March 14 via api from DE — Scanned from NL

Form analysis 0 forms found in the DOM

Text Content

 * Home
 * Bugtraq
   * Full List
   * Only Bugs
   * Only Tricks
   * Only Exploits
   * Only Dorks
   * Only CVE
   * Only CWE
   * Fake Notes
   * Ranking
 * CVEMAP
   * Full List
   * Show Vendors
   * Show Products
   * CWE Dictionary
   * Check CVE Id
   * Check CWE Id
 * Search
   * Bugtraq
   * CVEMAP
   * By author
   * CVE Id
   * CWE Id
   * By vendors
   * By products
 * RSS
   * Bugtraq
   * CVEMAP
   * CVE Products
   * Bugs
   * Exploits
   * Dorks
 * More
   * cIFrex
   * Facebook
   * Twitter
   * Donate
   * About
 * Submit

BUGTRAQ STATS

Yesterday: 5
Last month: 105
Current month: 94
Total: 40745

BEST HACKERS:

1. behrouz mansoori
2. Mr_Amir_Typer
3. Ersin Erenler
4. Meryem Taskin



CVE DATABASE

Last Update: 307
Last month: 2633
Current month: 2787
Total CVE: 237643

AFFECTED

1. postgres ad... (8)
2. mattermost ... (7)
3. windows ser... (5)
4. sinec ins (5)


RANDOM COMMENT

Chillipages Technologies - Blind Sql Injection
671254
i not hacker


VOTED

Savsoft Quiz v6.0 Enterprise - Persistent Cro... +1 0
Axiomatic - Sql Injection +1 0
DealBert Cross Site Scripting +1 0

CHECK THE BUGTRAQ

2024-03-13

 * [LOW] SNIPEIT 6.2.1 STORED CROSS SITE SCRIPTING CVE-2023-5452 (SHAHZAIB ALI KHAN)
 * [MED.] HUMAN RESOURCE MANAGEMENT SYSTEM 1.0 SQL INJECTION (SRIKAR)
 * [MED.] MSMS-PHP (BY: ORETNOM23 - 2024) V1.0 MULTIPLE-SQLI (NU11SECUR1TY)
 * [MED.] MSMS-PHP (BY: ORETNOM23 ) V1.0 FILE UPLOAD - RCE BROWSER USING (NU11SECUR1TY)
 * [HIGH] OSGI 3.18 REMOTE CODE EXECUTION (ANDRZEJ OLCHAWA)

2024-03-11

 * [HIGH] TP-LINK TL-WR740N BUFFER OVERFLOW / DENIAL OF SERVICE (ANISH FEROZ)
 * [MED.] RUPPEINVOICE-1.0 MULTIPLE-SQLI (NU11SECUR1TY)
 * [MED.] BACKDOOR.WIN32.BEASTDOOR.OQ / UNAUTHENTICATED REMOTE COMMAND EXECUTION (MALVULN)
 * [HIGH] ADOBE COLDFUSION 2018,15 / 2021,5 ARBITRARY FILE READ CVE-2023-26360 (YOUSSEF MUHAMMAD)
 * [MED.] SANDHYA BRANDING AGENCY - SQL INJECTION (BEHROUZ MANSOORI)
 * [MED.] HITACHI NAS SMU BACKUP AND RESTORE INSECURE DIRECT OBJECT REFERENCE CVE-2023-5808 (ARSLAN MASOOD)
 * [HIGH] AKAUNTING 3.1.3 REMOTE COMMAND EXECUTION CVE-2024-22836 (U32I)
 * [HIGH] DATACUBE3 1.0 SHELL UPLOAD CVE-2024-25832 (SAMY YOUNSI)

THE LATEST CVES

2024-03-14

 * CVE-2024-28251: QUERYBOOK IS A BIG DATA QUERYING UI, COMBINING COLLOCATED TABLE METADATA AND A SIMPLE NOTEBOOK INTERFACE. QUERYBOOK'S DATADOCS FUNCTIONALITY WORKS BY USING A WEBSOCKET SERVER. THE CLIENT TALKS TO THIS WSS WHENEVER UPDATING/DELETING/READING ANY CELLS AS WELL AS FOR WATCHING THE LIVE STATUS OF QUERY EXECUTIONS. CURRENTLY THE CORS SETTING ALLOWS ...
 * CVE-2024-25228: VINCHIN BACKUP AND RECOVERY 7.2 AND EARLIER IS VULNERABLE TO AUTHENTICATED REMOTE CODE EXECUTION (RCE) VIA THE GETVERIFYDIYRESULT FUNCTION IN MANOEUVREHANDLER.CLASS.PHP.
 * CVE-2024-25650: INSECURE KEY EXCHANGE BETWEEN DELINEA PAM SECRET SERVER 11.4 AND THE DISTRIBUTED ENGINE 8.4.3 ALLOWS A PAM ADMINISTRATOR TO OBTAIN THE SYMMETRIC KEY (USED TO ENCRYPT RABBITMQ MESSAGES) VIA CRAFTED PAYLOADS TO THE /PRE-AUTHENTICATE, /AUTHENTICATE, AND /EXECUTE-AND-RESPOND REST API ENDPOINTS. THIS MAKES IT POSSIBLE FOR A PAM ADMINISTRATOR TO IMPERSON...
 * CVE-2024-1221: THIS VULNERABILITY POTENTIALLY ALLOWS FILES ON A PAPERCUT NG/MF SERVER TO BE EXPOSED USING A SPECIFICALLY FORMED PAYLOAD AGAINST THE IMPACTED API ENDPOINT. THE ATTACKER MUST CARRY OUT SOME RECONNAISSANCE TO GAIN KNOWLEDGE OF A SYSTEM TOKEN. THIS CVE ONLY AFFECTS LINUX AND MACOS PAPERCUT NG/MF SERVERS.
 * CVE-2024-1222: THIS ALLOWS ATTACKERS TO USE A MALICIOUSLY FORMED API REQUEST TO GAIN ACCESS TO AN API AUTHORIZATION LEVEL WITH ELEVATED PRIVILEGES. THIS APPLIES TO A SMALL SUBSET OF PAPERCUT NG/MF API CALLS.
 * CVE-2024-1223: THIS VULNERABILITY POTENTIALLY ALLOWS UNAUTHORIZED ENUMERATION OF INFORMATION FROM THE EMBEDDED DEVICE APIS. AN ATTACKER MUST ALREADY HAVE EXISTING KNOWLEDGE OF SOME COMBINATION OF VALID USERNAMES, DEVICE NAMES AND AN INTERNAL SYSTEM KEY. FOR SUCH AN ATTACK TO BE SUCCESSFUL THE SYSTEM MUST BE IN A SPECIFIC RUNTIME STATE.
 * CVE-2024-1654: THIS VULNERABILITY POTENTIALLY ALLOWS UNAUTHORIZED WRITE OPERATIONS WHICH MAY LEAD TO REMOTE CODE EXECUTION. AN ATTACKER MUST ALREADY HAVE AUTHENTICATED ADMIN ACCESS AND KNOWLEDGE OF BOTH AN INTERNAL SYSTEM IDENTIFIER AND DETAILS OF ANOTHER VALID USER TO EXPLOIT THIS.
 * CVE-2024-25649: IN DELINEA PAM SECRET SERVER 11.4, IT IS POSSIBLE FOR AN ATTACKER (WITH ADMINISTRATOR ACCESS TO THE SECRET SERVER MACHINE) TO READ THE FOLLOWING DATA FROM A MEMORY DUMP: THE DECRYPTED MASTER KEY, DATABASE CREDENTIALS (WHEN SQL SERVER AUTHENTICATION IS ENABLED), THE ENCRYPTION KEY OF RABBITMQ QUEUE MESSAGES, AND SESSION COOKIES.
 * CVE-2024-25651: USER ENUMERATION CAN OCCUR IN THE AUTHENTICATION REST API IN DELINEA PAM SECRET SERVER 11.4. THIS ALLOWS A REMOTE ATTACKER TO DETERMINE WHETHER A USER IS VALID BECAUSE OF A DIFFERENCE IN RESPONSES FROM THE /OAUTH2/TOKEN ENDPOINT.
 * CVE-2024-25652: IN DELINEA PAM SECRET SERVER 11.4, IT IS POSSIBLE FOR A USER (WITH ACCESS TO THE REPORT FUNCTIONALITY) TO GAIN UNAUTHORIZED ACCESS TO REMOTE SESSIONS CREATED BY LEGITIMATE USERS.

DORKS

2024-03-11

 * [MED.] SANDHYA BRANDING AGENCY - SQL INJECTION
   Dork: "POWERED BY : SANDHYA BRANDING AGENCY"
   Author: behrouz mansoori

2024-03-06

 * [HIGH] ELFINDER WEB FILE MANAGER VERSION 2.1.53 REMOTE COMMAND EXECUTION
   Dork: INTITLE:"ELFINDER 2.1.53"
   Author: tmrswrr

2024-03-03

 * [LOW] GL.INET AR300M V3.216 REMOTE CODE EXECUTION CVE-2023-46456 EXPLOIT( CVE-2023-46456 )
   Dork: INTITLE:"GL.INET ADMIN PANEL"
   Author: Michele 'cyberaz0r'...

2024-02-28

 * [MED.] AGENCIA NUBA- SQL INJECTION
   Dork: "DISEÑO Y PROGRAMACIÓN AGENCIA NUBA"
   Author: behrouz mansoori
 * [MED.] FICUS GLOBAL - BLIND SQL INJECTION
   Dork: "DESIGNED & MAINTAINED BY FICUS GLOBAL"
   Author: behrouz mansoori


TOP VENDORS:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

--------------------------------------------------------------------------------

TOP PRODUCTS:

LINUX KERNEL MAC OS X WINDOWS XP WINDOWS 10 FLASH PLAYER ADOBE READER PHP JRE JDK WORDPRESS JOOMLA CHROME IE FIREFOX SAFARI HTTPD TOMCAT NGINX

FULL LIST OF PRODUCTS

--------------------------------------------------------------------------------

TOP CWE:

CWE-89 (SQL INJECTION) CWE-79 (XSS) CWE-119 (BUFFER OVERFLOW) CWE-22 (PATH TRAVERSAL)

CHECK CWE DICTIONARY

--------------------------------------------------------------------------------



DONATE:

IS AN OPEN PROJECT DEVELOPED AND MODERATED FULLY BY ONE INDEPENDENT PERSON.

HELP DEVELOP THE PROJECT AND MAKE DONATIONS

--------------------------------------------------------------------------------

Copyright 2024, cxsecurity.com
