NEWS

There are no events to display

SERVICES

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

LATEST CVE

Published Description
CVE-2019-20801
18-05-2020 00:15:00
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.
CVE-2020-13128
18-05-2020 00:15:00
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.
CVE-2019-20802
18-05-2020 00:15:00
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.
CVE-2020-4345
17-05-2020 14:15:00
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.
CVE-2020-13126
17-05-2020 01:15:00
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.

Pages

LATEST EXPLOIT

Pages