NEWS & EVENTS

  • 09/12/2020 13:02:00

    The Cyrano event will be held on December 16th, 2020 from 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

    During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

  • 06/10/2020 18:01:22

    On October 9, during Internet Festival, the Cybersecurity Day of the Istituto di Informatica e Telematica del Cnr (IIT) will take place.

    Industry experts, researchers and representatives of the business world will take part in the event. Over the course of the day, there will be presentations of the activities...

  • 29/09/2020 11:45:53

    On September 24, Fabio Martinelli was invited by the European Commission to speak about the upcoming challenges in cyber security as part of the European research and innovation days 2020.

    On this occasion he was thus able to illustrate the upcoming research activities of the Cyber...

  • 04/09/2020 13:57:59

    The call for applications for the fifth edition of the Master in Cybersecurity of the Università di Pisa, academic year 2020/21, has been published.

    To enroll in the Master, applicants must connect to the Portale Alice at https://www.studenti.unipi.it...

SERVICES

This service shows statistics on Tweets related to Cyber-Security and allows searching them by keywords such as...

The main goal of the tool is to provide a simple and quick way to perform a cyber risk self-assessment. The tool requires two...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

LATEST CVE

CVE ID | Published | Description
CVE-2020-11476 | 28-07-2020 21:15:00 | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
CVE-2020-13997 | 28-07-2020 21:15:00 | In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.
CVE-2020-16094 | 28-07-2020 19:15:00 | In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2020-15417 | 28-07-2020 18:15:00 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.
CVE-2020-10924 | 28-07-2020 18:15:00 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.


LATEST EXPLOIT

Date | Title | Platform | Author
14-09-2018 | CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) | windows_x86-64 | Alan Joaquín Baeza Meza
14-09-2018 | Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection | php | Ceylan BOZOĞULLARINDAN
14-09-2018 | InfraRecorder 0.53 - '.txt' Denial of Service (PoC) | windows_x86 | Gionathan Reale
14-09-2018 | Faleemi Plus 1.0.2 - Denial of Service (PoC) | windows_x86-64 | Gionathan Reale
14-09-2018 | Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH) | windows_x86 | Gionathan Reale
