|
The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two... |
The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain... |
The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware.... |
This service offers the possibility of searching public domain information related to known security hardware and... |
| Published | Description | |
|---|---|---|
| CVE-2020-28490 |
18-02-2021 15:15:00 |
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb') |
| CVE-2020-9306 |
18-02-2021 00:15:00 |
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. |
| CVE-2020-12878 |
18-02-2021 00:15:00 |
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. |
| CVE-2020-8625 |
17-02-2021 23:15:00 |
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
| CVE-2021-27138 |
17-02-2021 23:15:00 |
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
01-12-2020 |
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting | php | B3KC4T |
|
01-12-2020 |
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting | php | Sagar Banwa |
|
01-12-2020 |
Setelsa Conacwin 3.7.1.2 - Local File Inclusion | multiple | Bryan Rodriguez Martin |
|
01-12-2020 |
Tendenci 12.3.1 - CSV/ Formula Injection | multiple | Mufaddal Masalawala |
|
01-12-2020 |
Social Networking Site - Authentication Bypass (SQli) | php | gh1mau |
Italiano
English