SERVICES

The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

This service analyses sets of email files in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

LATEST CVE

Published Description
CVE-2019-12091
26-09-2019 12:15:11
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
CVE-2019-16755
26-09-2019 12:15:11
A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using the Java serialization method. The vulnerability can be triggered by using an invalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI.
CVE-2019-16532
26-09-2019 12:15:11
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
CVE-2019-6161
26-09-2019 12:15:11
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
CVE-2019-16524
26-09-2019 12:15:11
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.