
SERVICES

This service analyses sets of email files in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

This service shows statistics on Tweets related to Cyber-Security and allows searching them by keywords such as...

The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

LATEST CVE

| CVE | Published | Description |
|---|---|---|
| CVE-2019-15792 | 24-04-2020 00:15:00 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code. |
| CVE-2019-15794 | 24-04-2020 00:15:00 | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. |
| CVE-2020-12130 | 24-04-2020 00:15:00 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. |
| CVE-2020-12132 | 24-04-2020 00:15:00 | Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. |
| CVE-2020-12131 | 24-04-2020 00:15:00 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). |


LATEST EXPLOIT

| Date | Title | Platform | Author |
|---|---|---|---|
| 28-05-2019 | EquityPandit 1.0 - Password Disclosure | android | ManhNho |
| 27-05-2019 | Pidgin 2.13.0 - Denial of Service (PoC) | windows | Alejandra Sánchez |
| 27-05-2019 | Typora 0.9.9.24.6 - Directory Traversal | macos | Dhiraj Mishra |
| 27-05-2019 | Deltek Maconomy 2.2.5 - Local File Inclusion | multiple | JameelNabbo |
| 24-05-2019 | Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC) | windows | Victor Mondragón |
