NEWS & EVENTS

SERVICES

The service offers a platform that allows Registrars to check for any performance and security problems present on...

The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware....

LATEST CVE

Published Description
CVE-2020-24847
23-10-2020 19:15:00
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.
CVE-2020-24848
23-10-2020 19:15:00
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-25483
23-10-2020 18:15:00
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5990
23-10-2020 18:15:00
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-5977
23-10-2020 18:15:00
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Pages

LATEST EXPLOIT

Pages