SOTTO ATTACCO?
POSSIAMO AIUTARTI

Security Advisory: Solar-Log (CVE-2022-47767)

Tinexta Cyber ha scoperto una backdoor nei dispositivi di monitoraggio fotovoltaico (PV) di Solar-Log GmbH con un impatto su migliaia di clienti. La backdoor consente, in maniera non autenticata, di accedere da remoto alle funzionalità di super admin nell’area riservata del dispositivo.

Security Advisory: Docebo Community Edition <= 4.0.5 (CVE-2022-31361, CVE-2022-31362)

Product description Tinexta Cyber Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also defined as Learning Management System. Technical summary Tinexta Cyber’s Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5 Vulnerability CVSS 3.1 Docebo CE <= 4.0.5 – SQL Injection (unauthenticated) 8.6 – High[AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L] […]

Security Advisory: Libnmap <= 0.7.2

Tinexta Cyber Offensive Security Team has identified a severe vulnerability on the python-libnmap Python library (https://pypi.org/project/python-libnmap/).

Security Advisory: Forma LMS (CVE-2022-27104)

Unauthenticated SQL Injection in forma Lms <= 1.4.3 Il Cyber Security Team di Tinexta Cyber ha identificato una vulnerabilità sulle risorse digitali di Forma LMS. Forma Lms Forma Lms è la naturale evoluzione, o un “fork”, dell’ultima versione open source della piattaforma LMS Docebo. Forma Lms è una piattaforma e-learning open source, orientata alle esigenze aziendali: […]

Security Advisory: Emerson – Dixell XWEB-500 Multiple Vulnerabilities (CVE-2021-45420)

1.Technical Summary Tinexta Cyber Offensive Security Team detected some important potential vulnerabilities on: Detected vulnerabilities were: Vulnerability Assets CVSSv3 Severity Arbitrary File Write http://<target>/cgi-bin/logo_extra_upload.cgihttp://<target>/cgi-bin/cal_save.cgihttp://<target>/cgi-bin/lo_utils.cgi 7.5 HIGH Directory Listing http://<target>/cgi-bin/lo_utils.cgi 5.3 MEDIUM In the following section we are reporting some technical details on these vulnerabilities including evidences and proof-of-concepts. 2.Vulnerability details Arbitrary File Write CWE-73: External Control […]

Security Advisory: Solari di Udine (CVE-2021-35380)

Introduction During a Penetration Testing activity, the Italian company Tinexta Cyber has identified a new Zero Day relating to an attendance management service that potentially impacts the over 40 devices installed. TermTalk’ is responsible for transferring information from the network of terminals and concentrators to the database of the various application software, for configuring and […]

Security Advisory: Visual Tools DVR (CVE-2021-42071)

Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (unauthenticated) Tinexta Cyber Offensive Security Team identified a critical vulnerability during regular penetration testing on a client related to Visual Tools (trademark) a software from AX Solution LA (https://visual-tools.com). At the time of publication (see the timeline at the bottom of the article), Swascan informed AX Solution […]

Cyber Incident Emergency Contact

Contact us for immediate support

Abilita JavaScript nel browser per completare questo modulo.
Accettazione GDPR