|
The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware.... |
This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as... |
This service collects data related to public available exploits. The database is updated daily through the official... |
This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-... |
| Published | Description | |
|---|---|---|
| CVE-2020-14190 |
25-11-2020 23:15:00 |
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. |
| CVE-2020-29074 |
25-11-2020 23:15:00 |
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. |
| CVE-2020-14191 |
25-11-2020 22:15:00 |
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. |
| CVE-2020-29070 |
25-11-2020 20:15:00 |
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. |
| CVE-2020-26212 |
25-11-2020 17:15:00 |
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce the behavior: 1. Create a new planning with 'eduardo.mozart' user (from 'IT' group that belongs to 'Super-admin') into it's personal planning at 'Assistance' > 'Planning'. 2. Copy the CalDAV url and use a CalDAV client (e.g. Thunderbird) to sync the planning with the provided URL. 3. Inform the username and password from any valid user (e.g. 'camila' from 'Proativa' group). 4. 'Camila' has read-only access to 'eduardo.mozart' personal planning. The same behavior happens to any group. E.g. 'Camila' has access to 'IT' group planning, even if she doesn't belong to this group and has a 'Self-service' profile permission). This issue is fixed in version 9.5.3. As a workaround, one can remove the `caldav.php` file to block access to CalDAV server. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
25-11-2020 |
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting | php | Emre Aslan |
|
25-11-2020 |
SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow | windows | Abdessalam king |
|
25-11-2020 |
Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path | windows | Luis Sandoval |
|
25-11-2020 |
WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting | php | Mayur Parmar |
|
24-11-2020 |
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) | windows | MasterVlad |
Italiano
English