NEWS

There are no events to display

SERVICES

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

LATEST CVE

Published Description
CVE-2018-16381
05-09-2018 17:29:03
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
CVE-2018-16361
05-09-2018 17:29:03
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.
CVE-2018-16307
05-09-2018 17:29:03
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
CVE-2018-16252
05-09-2018 17:29:03
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
CVE-2018-15918
05-09-2018 17:29:02
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.

Pages