NEWS & EVENTS

SERVICES

Malware Detection Service. The service detects malicious behavior in files (for example, executables or...

An ontology is a resource for organizing the knowledge of a domain in greater detail through...

The service analyzes groups of email files (.eml format) to identify unwanted emails (SPAM). The service...

The service offers a platform that allows Registrars to check for potential performance and security problems...

LATEST CVEs

CVE | Published | Description
CVE-2020-28490 | 18-02-2021 15:15:00 | The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
CVE-2020-9306 | 18-02-2021 00:15:00 | Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
CVE-2020-12878 | 18-02-2021 00:15:00 | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
CVE-2021-27097 | 17-02-2021 23:15:00 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVE-2020-8625 | 17-02-2021 23:15:00 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.


LATEST EXPLOITS

Date | Title | Platform | Author
01-12-2020 | Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting | php | B3KC4T
01-12-2020 | LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting | php | Sagar Banwa
01-12-2020 | Setelsa Conacwin 3.7.1.2 - Local File Inclusion | multiple | Bryan Rodriguez Martin
01-12-2020 | Tendenci 12.3.1 - CSV/ Formula Injection | multiple | Mufaddal Masalawala
01-12-2020 | Social Networking Site - Authentication Bypass (SQli) | php | gh1mau
