NEWS & EVENTS

SERVICES

The service offers a platform that allows Registrars to check for any performance and security problems present on...

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled...

The service detects malicious signatures in analysed files by scanning them with 57 different commercial anti-malware...

LATEST CVE

| CVE | Published | Description |
| --- | --- | --- |
| CVE-2020-11704 | 12-04-2020 03:15:00 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter. |
| CVE-2020-11705 | 12-04-2020 03:15:00 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter. |
| CVE-2020-11702 | 12-04-2020 03:15:00 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter. Share is Reflected via the target parameter. Share is Stored via the displayname parameter. Waitedit is Reflected via the Host header. |
| CVE-2020-11708 | 12-04-2020 03:15:00 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for executing programs when certain events are triggered. |
| CVE-2020-11703 | 12-04-2020 03:15:00 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. |

LATEST EXPLOIT

| Date | Title | Platform | Author |
| --- | --- | --- | --- |
| 25-10-2018 | AjentiCP 1.2.23.13 - Cross-Site Scripting | php | Numan OZDEMIR |
| 25-10-2018 | Simple POS and Inventory 1.0 - 'cat' SQL Injection | php | Ihsan Sencan |
| 25-10-2018 | BORGChat 1.0.0 build 438 - Denial of Service (PoC) | windows_x86-64 | Ihsan Sencan |
| 25-10-2018 | MPS Box 0.1.8.0 - 'uuid' SQL Injection | php | Ihsan Sencan |
| 24-10-2018 | Fifa Master XLS 2.3.2 - 'usw' SQL Injection | php | Ihsan Sencan |