NEWS

  • 05/08/2019 11:05:33

    Futuro 24 è rubrica di RaiNews24 dedicata a scienza e tecnologia, curata da Andrea Bettini e Marco Dedola. 

    Ogni settimana un viaggio verso il domani, alla scoperta dei luoghi dove si fa ricerca, dei protagonisti che vi lavorano e delle novità che promettono di cambiare...

  • 27/06/2019 12:54:04

    Esce oggi il Cybersecurity Act, nuovo strumento normativo europeo che punta a stabilire delle regole per una sicurezza informatica più coesa e comunitaria. Si tratta di un Regolamento che ha lo scopo di creare un quadro europeo ben definito sulla certificazione della sicurezza informatica di...

  • 20/06/2019 10:34:54

    Mozilla ha corretto Type Confusion, un bug che consentiva attacchi in remoto di un'efficacia devastante.

    SI trattava di una vulnerabilità zero-day che consentiva di avviare esecuzione di codice in remoto semplicemente attirando le vittime su un sito Internet sotto il controllo dei pirati...

  • 12/06/2019 12:16:12

    Niccolò Maggioni (corso di laurea in Informatica UniFi),  Ion Farima  (corso di laurea in Informatica UniFi), Lorenzo Coppi (ITIS Antonio Meucci, Firenze), Riccardo Degli Esposti (ITIS Antonio Meucci, Firenze) sono i quattro “hacker” toscani che hanno vinto le selezioni regionali per partecipare...

There are no events to display

SERVICES

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

LATEST CVE

Published Description
CVE-2019-17362
08-10-2019 21:15:10
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
CVE-2019-3980
08-10-2019 16:15:12
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
CVE-2019-0380
08-10-2019 16:15:11
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters? default values to be part of the application logs leading to Information Disclosure.
CVE-2019-0375
08-10-2019 16:15:11
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
CVE-2019-0379
08-10-2019 16:15:11
In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is able to consistently bypass the authenticity check by crafting ad-hoc public certificates based on arbitrary key-pairs leading to Missing Authentication Check.

Pages

LATEST EXPLOIT

Date Title Platform Author
16-09-2019
docPrint Pro 8.0 - SEH Buffer Overflow windows Connor McGarr
16-09-2019
AppXSvc - Privilege Escalation windows Gabor Seljan
16-09-2019
Inteno IOPSYS Gateway - Improper Access Restrictions hardware Gerard Fuguet
14-09-2019
College-Management-System 1.2 - Authentication Bypass php cakes
14-09-2019
Ticket-Booking 1.4 - Authentication Bypass php cakes

Pages