|
Il servizio offre un sondaggio per la verifica della conformità di un’organizzazione al GDPR (General Data Protection... |
Il servizio analizza un log di richieste DNS e identifica se all’interno sono stati risolti dei nomi a dominio che... |
Il servizio utilizza una raccolta di tweet provenienti da utenti appartenenti a Twitter i cui tweet utilizzano parole... |
Il servizio offre la possibilità di cercare informazioni, note pubblicamente, relative a vulnerabilità di sicurezza... |
| Published | Description | |
|---|---|---|
| CVE-2019-19604 |
11-12-2019 00:15:00 |
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. |
| CVE-2019-14861 |
10-12-2019 23:15:00 |
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. |
| CVE-2019-14870 |
10-12-2019 23:15:00 |
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. |
| CVE-2019-14889 |
10-12-2019 23:15:00 |
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. |
| CVE-2019-13735 |
10-12-2019 22:15:00 |
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
05-11-2019 |
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting | php | cakes |
|
05-11-2019 |
thejshen Globitek CMS 1.4 - 'id' SQL Injection | php | cakes |
|
05-11-2019 |
html5_snmp 1.11 - 'Router_ID' SQL Injection | php | cakes |
|
05-11-2019 |
thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting | php | cakes |
|
05-11-2019 |
FileOptimizer 14.00.2524 - Denial of Service (PoC) | windows | SYANiDE |
Italiano
English