|
This service offers the possibility of searching public domain information related to known security hardware and... |
This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-... |
The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the... |
The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection... |
| Published | Description | |
|---|---|---|
| CVE-2019-12756 |
15-11-2019 17:15:00 |
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. |
| CVE-2019-11931 |
14-11-2019 23:15:00 |
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. |
| CVE-2019-18980 |
14-11-2019 22:15:00 |
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. |
| CVE-2019-15799 |
14-11-2019 21:15:00 |
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. |
| CVE-2019-15803 |
14-11-2019 21:15:00 |
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
05-11-2019 |
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting | php | cakes |
|
05-11-2019 |
thejshen Globitek CMS 1.4 - 'id' SQL Injection | php | cakes |
|
05-11-2019 |
html5_snmp 1.11 - 'Router_ID' SQL Injection | php | cakes |
|
05-11-2019 |
thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting | php | cakes |
|
05-11-2019 |
FileOptimizer 14.00.2524 - Denial of Service (PoC) | windows | SYANiDE |
Italiano
English