NOTIZIE

SERVIZI

Il servizio offre la possibilità di cercare informazioni, note pubblicamente, relative a vulnerabilità di sicurezza...

Il servizio raccoglie informazioni relative ad exploit pubblici aggiornati giornalmente attraverso il repository...

Il servizio offre un sondaggio per la verifica della conformità di un’organizzazione al GDPR (General Data Protection...

Il servizio si prefigge di individuare comportamenti tipici dei ransomware quali, ad esempio, la cifratura di una...

ULTIMI CVE

Published Description
CVE-2018-14703
03-12-2018 17:29:00
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.
CVE-2018-14698
03-12-2018 17:29:00
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.
CVE-2018-4021
03-12-2018 17:29:00
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.
CVE-2018-14708
03-12-2018 17:29:00
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.
CVE-2018-14702
03-12-2018 17:29:00
Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

Pages