NEWS & EVENTS

  • Fabio Martinelli at Cyrano event
    09/12/2020 13:02:00

    Cyrano event will be held on December 16th, 2020 form 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

    During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

    Read More
  • Cybersecurity day 2020 - 9 ottobre 2020
    06/10/2020 18:01:22

    Il 9 ottobre, durante Internet Festival, avra’ luogo il Cybersecurity Day ( dell’Istituto di Informatica e Telematica del Cnr (IIT).

    All’evento parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività...

    Read More
  • Il Cyber Lab del Cnr si presenta alla Commissione Europea
    29/09/2020 11:45:53

    Il 24 settembre scorso Fabio Martinelli è stato invitato dalla Commissione Europea a parlare delle prossime sfide in cyber security nell'ambito degli European research and innovation days 2020.

    In questa occasione ha avuto cosi modo di illustrare le prossime attivita' di ricerca del Cyber...

    Read More
  • Uscito il bando di iscrizione per l'edizione 2020-2021 del Master in Cybersecurity
    04/09/2020 13:57:59

    Pubblicato il bando per la quinta edizione del Master in Cybersecurity dell'Università di Pisa, anno accademico 2020/21.

    Per immatricolarsi al Master, l’interessato deve collegarsi al Portale Alice all’indirizzo https://www.studenti.unipi.it...

    Read More

BLOGS & VIDEOS

Istituto di Informatica e Telematica
Cyber Security Day 2020
Lezioni di Scienza - Sicurezza Informatica di Fabio Martinelli
Ma Internet può rompersi?

SERVICES

Onthology

An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

Read More
Vulnerability report

This service offers the possibility of searching public domain information related to known security hardware and...

Read More
3D maps attack

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

Read More
Tweets analysis

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

Read More

LATEST CVE

Published Description
CVE-2021-27581
05-03-2021 23:15:00
 The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042
05-03-2021 22:15:00
 Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-3420
05-03-2021 21:15:00
 A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2020-29028
05-03-2021 21:15:00
 Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
CVE-2020-29020
05-03-2021 21:15:00
 Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

Pages

LATEST EXPLOIT

Date Title Platform Author
05-03-2021
 CatDV 9.2 - RMI Authentication Bypass java Christopher Ellis
05-03-2021
 Fluig 1.7.0 - Path Traversal multiple Lucas Souza
04-03-2021
 Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated) php Suraj Bhosale
04-03-2021
 Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) php Tushar Vaidya
04-03-2021
 Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS) php Tushar Vaidya

Pages

CERT feeds

Published Title URL
05-03-2021 Vulnerabilità su VMware View Planner (AL01/210305/CSIRT-ITA) CERT LINK
04-03-2021 Aggiornamento Google Chrome sana vulnerabilità 0-day (AL01/210304/CSIRT-ITA) CERT LINK
03-03-2021 Sfruttate vulnerabilità 0-day su Exchange Server (AL01/210303/CSIRT-ITA) CERT LINK
03-03-2021 Campagna phishing sfrutta ambienti di Rapid Web Development (AL02/210303/CSIRT-ITA) CERT LINK
02-03-2021 Campagna sLoad veicolata tramite PEC (AL01/210302/CSIRT-ITA) CERT LINK

Pages