Italiano
English
La cybersecurity si impara da piccoli. Più di 1000 bambini (1007 per l’esattezza) delle scuole primarie e delle scuole secondarie di primo grado di tutta Italia durante quest’anno scolastico hanno potuto scoprire come navigare in maniera sicura e consapevole in Rete grazie ai laboratori sulla...
NEWS
SERVICES
|
The service offers a platform that allows Registrars to check for any performance and security problems present on... |
This service collects data related to public available exploits. The database is updated daily through the official... |
An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by... |
This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service... |
LATEST CVE
| Published | Description | |
|---|---|---|
| CVE-2019-9892 |
21-05-2019 20:29:02 |
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. |
| CVE-2019-10067 |
21-05-2019 20:29:00 |
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. |
| CVE-2019-10066 |
21-05-2019 20:29:00 |
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. |
| CVE-2019-6513 |
21-05-2019 18:29:19 |
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. |
| CVE-2019-12270 |
21-05-2019 17:29:00 |
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation. |
Pages
LATEST EXPLOIT
| Date | Title | Platform | Author |
|---|---|---|---|
|
21-05-2019 |
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting | php | Dionach Ltd |
|
21-05-2019 |
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized | multiple | Google Security Research |
|
21-05-2019 |
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register | multiple | Google Security Research |
|
21-05-2019 |
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl | multiple | Google Security Research |
|
21-05-2019 |
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting | hardware | purnendu ghosh |