NOTIZIE

Non ci sono eventi da visualizzare

SERVIZI

Il servizio offre un sondaggio per la verifica della conformità di un’organizzazione al GDPR (General Data Protection...

Il Thesaurus offre una rappresentazione della conoscenza di un insieme di termini relativi alla Cybersecurity,...

Il servizio analizza un log di richieste DNS e identifica se all’interno sono stati risolti dei nomi a dominio che...

Il servizio mostra una rappresentazione 3D del traffico di rete relativo ad attacchi ad una honeypot a Pisa. Inoltre,...

ULTIMI CVE

Published Description
CVE-2018-15497
23-10-2018 17:30:52
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.
CVE-2018-12901
23-10-2018 17:30:52
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2018-16226
23-10-2018 17:30:52
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.
CVE-2018-18628
23-10-2018 16:29:00
An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.
CVE-2018-18586
22-10-2018 22:29:00
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.

Pages