|
The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled... |
The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain... |
This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-... |
This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service... |
| Published | Description | |
|---|---|---|
| CVE-2020-13643 |
28-05-2020 04:15:00 |
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. |
| CVE-2020-13641 |
28-05-2020 04:15:00 |
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser. |
| CVE-2020-13642 |
28-05-2020 04:15:00 |
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. |
| CVE-2020-13644 |
28-05-2020 04:15:00 |
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. |
| CVE-2020-8603 |
27-05-2020 23:15:00 |
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
25-05-2020 |
GoldWave - Buffer Overflow (SEH Unicode) | windows | Andy Bowden |
|
25-05-2020 |
Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) | php | SunCSR |
|
25-05-2020 |
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) | hardware | Metasploit |
|
25-05-2020 |
Online Discussion Forum Site 1.0 - Remote Code Execution | php | Enesdex |
|
22-05-2020 |
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit) | multiple | Metasploit |
| Published | Title | URL |
|---|---|---|
| 14-04-2020 | Vulnerabilità critica in VMware vCenter Server | CERT LINK |
| 10-04-2020 | Aggiornamenti di sicurezza per prodotti Juniper Networks (aprile 2020) | CERT LINK |
| 08-04-2020 | Risolte gravi vulnerabilità in Mozilla Firefox 75 | CERT LINK |
| 08-04-2020 | Google risolve diverse vulnerabilità in Chrome 81 | CERT LINK |
| 07-04-2020 | Aggiornamento di sicurezza Android (aprile 2020) | CERT LINK |
Italiano
English