• 09/12/2020 13:02:00

    The Cyrano event will be held on December 16th, 2020 from 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

    During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

  • 06/10/2020 18:01:22

    On October 9, during Internet Festival, the Cybersecurity Day of the Istituto di Informatica e Telematica del Cnr (IIT) will take place.

    Industry experts, researchers and representatives of the business world will take part in the event. Over the course of the day, there will be presentations of the activities...

  • 29/09/2020 11:45:53

    On September 24, Fabio Martinelli was invited by the European Commission to speak about the upcoming challenges in cyber security as part of the European research and innovation days 2020.

    On this occasion he had the opportunity to present the upcoming research activities of the Cyber...

  • 04/09/2020 13:57:59

    The call for applications for the fifth edition of the Master in Cybersecurity of the Università di Pisa, academic year 2020/21, has been published.

    To enroll in the Master, applicants must connect to the Portale Alice at the address


The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

The service detects malicious signatures in analysed files, by scanning them with 57 different commercial anti-malware....

This service offers the possibility of searching public domain information related to known security hardware and...


Published Description
18-02-2021 15:15:00
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
18-02-2021 00:15:00
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
18-02-2021 00:15:00
Digi ConnectPort X2e before allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/ and the /WEB/python/.ssh directory.
17-02-2021 23:15:00
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
17-02-2021 23:15:00
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.



Date Title Platform Author
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting php B3KC4T
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting php Sagar Banwa
Setelsa Conacwin - Local File Inclusion multiple Bryan Rodriguez Martin
Tendenci 12.3.1 - CSV/ Formula Injection multiple Mufaddal Masalawala
Social Networking Site - Authentication Bypass (SQli) php gh1mau