NEWS & EVENTS

SERVICES

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

LATEST CVE

Published Description
CVE-2018-17088
16-09-2018 13:29:00
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
CVE-2018-16459
06-09-2018 09:29:00
An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser.
CVE-2018-1000673
06-09-2018 08:29:00
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
CVE-2017-1000600
06-09-2018 08:29:00
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9
CVE-2018-16550
05-09-2018 18:29:00
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.

Pages