SERVICES

This service identifies typical ransomware behaviours such as file ciphering. Unlike signature-based anti-...

The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled...

The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

The service detects malicious signatures in analysed files by scanning them with 57 different commercial anti-malware....

LATEST CVE

| CVE | Published | Description |
|---|---|---|
| CVE-2020-13963 | 21-03-2021 21:15:00 | SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). |
| CVE-2021-23360 | 21-03-2021 16:15:00 | This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. |
| CVE-2021-28961 | 21-03-2021 06:15:00 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. |
| CVE-2021-28954 | 21-03-2021 05:15:00 | In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. |
| CVE-2021-28957 | 21-03-2021 05:15:00 | lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute. |