|
This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-... |
This service offers the possibility of searching public domain information related to known security hardware and... |
The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware.... |
This service collects data related to public available exploits. The database is updated daily through the official... |
| Published | Description | |
|---|---|---|
| CVE-2020-15864 |
17-01-2021 20:15:00 |
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page. |
| CVE-2021-3113 |
17-01-2021 03:15:00 |
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access, |
| CVE-2021-3162 |
15-01-2021 22:15:00 |
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. |
| CVE-2020-25533 |
15-01-2021 22:15:00 |
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. |
| CVE-2021-21245 |
15-01-2021 21:15:00 |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
15-01-2021 |
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting | php | Mesut Cetin |
|
15-01-2021 |
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) | php | Rahul Ramakant Singh |
|
15-01-2021 |
Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS | php | Siva Rajendran |
|
15-01-2021 |
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) | php | Mohamed Oosman |
|
15-01-2021 |
EyesOfNetwork 5.3 - File Upload Remote Code Execution | multiple | Audencia Business SCHOOL Red Team |
Italiano
English