NEWS

  • 05/08/2019 11:05:33

    Futuro 24 is a RaiNews24 programme dedicated to science and technology, curated by Andrea Bettini and Marco Dedola.

    Every week, a journey towards tomorrow, discovering the places where research is carried out, the people who work there, and the innovations that promise to change...

  • 27/06/2019 12:54:04

    The Cybersecurity Act is released today, a new European regulatory instrument that aims to establish rules for more cohesive, community-wide cybersecurity. It is a Regulation whose purpose is to create a well-defined European framework for the cybersecurity certification of...

  • 20/06/2019 10:34:54

    Mozilla has fixed Type Confusion, a bug that allowed devastatingly effective remote attacks.

    It was a zero-day vulnerability that allowed remote code execution to be triggered simply by luring victims to a website under the attackers' control...

  • 12/06/2019 12:16:12

    Niccolò Maggioni (Computer Science degree programme, UniFi), Ion Farima (Computer Science degree programme, UniFi), Lorenzo Coppi (ITIS Antonio Meucci, Florence) and Riccardo Degli Esposti (ITIS Antonio Meucci, Florence) are the four Tuscan "hackers" who won the regional selections to take part in...


SERVICES

The service detects malicious signatures in analysed files by scanning them with 57 different commercial anti-malware....

This service analyses sets of email files in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

An ontology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

This service collects data related to publicly available exploits. The database is updated daily through the official...

LATEST CVE

| CVE | Published | Description |
| --- | --- | --- |
| CVE-2019-0374 | 08-10-2019 16:15:11 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting. |
| CVE-2019-0378 | 08-10-2019 16:15:11 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. |
| CVE-2019-0370 | 08-10-2019 16:15:11 | Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. |
| CVE-2019-10757 | 08-10-2019 16:15:11 | knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. |
| CVE-2019-0377 | 08-10-2019 16:15:11 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. |


LATEST EXPLOIT

| Date | Title | Platform | Author |
| --- | --- | --- | --- |
| 13-09-2019 | Folder Lock 7.7.9 - Denial of Service | windows | Achilles |
| 13-09-2019 | LimeSurvey 3.17.13 - Cross-Site Scripting | php | SEC Consult |
| 13-09-2019 | Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting | php | Metin Yunus Kandemir |
| 13-09-2019 | phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery | php | Manuel García Cárdenas |
| 12-09-2019 | Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts | windows | Google Security Research |
