What is SMBGhost
SMBGhost (CVE-2020-0796) is a vulnerability affecting SMB 3.1, and more precisely one of its decompression functions. When SMB 3.1 added support for data compression to save bandwidth, it introduced a decompression function containing an integer overflow that results in multiple subsequent buffer overflows. Those buffer overflows are exploitable in a way […]
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions.
followed by repeatedly spoofing a request to that service with a victim's IP as the source address.
Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution.
Latest Research by our Team
A trojanized version of the popular VOIP/PBX software is currently making headlines: here are the actions taken by hunters and defenders.
A recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress is being exploited.
A flaw in the validation of user-supplied data in OpenSSH allows an unauthenticated attacker, by sending specially crafted requests, to upload their private SSH key
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale.
In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor.
Yesterday Microsoft dropped a patch for a vulnerability found by @hexnomad@infosec.exchange. It’s a great vuln, in theory allowing code execution over ICMP. It also sounds really scary, as it’s a…
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords when the target simply receives an email.