Security
Piergiorgio Venuti
CVE-2017-7620 Mantis Bug Tracker
CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
Piergiorgio Venuti
WordPress Newsletter Supsystic 1.1.7
WordPress Newsletter Supsystic 1.1.7 – Cross Site Scripting Vulnerability
Piergiorgio Venuti
[CVE-2017-5868] OpenVPN Access Server
[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation
Piergiorgio Venuti
Linux Kernel Privilege Escalation
SSD Advisory – Linux Kernel XFRM Privilege Escalation
Piergiorgio Venuti
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
Piergiorgio Venuti
SSD Advisory – Webmin Multiple Vulnerabilities
Piergiorgio Venuti
SSD Advisory – PHP Melody Multiple Vulnerabilities
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities
Piergiorgio Venuti
WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts
Piergiorgio Venuti
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
Piergiorgio Venuti
Exploit toolkit for CVE-2017-8759 – Microsoft .NET Framework RCE (Builder + listener + video tutorial)
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress PressForward Plugin Security Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Podlove Podcast Publisher Plugin Security Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities
Piergiorgio Venuti
Stop User Enumeration allows user enumeration via the REST API (WordPress plugin)
Piergiorgio Venuti
Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?
Piergiorgio Venuti
Cyber Risk Insurance
Cyber Risk Insurance In the light of the recent cyber attacks and the rise of ransomware (like WannaCry and Petya), Secure Online Desktop in collaboration with Broker Busani Stefano of Union Brokers (see BROKER PRESENTATION) is pleased to present the Cyber Risk Assurance Guarantee as a valuable tool to increase The security of your data. Cyber Risk Insurance – Description…
Piergiorgio Venuti
Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
Piergiorgio Venuti
Joomla com_tag v1.7.6 – (tag) SQL Injection Vulnerability
Piergiorgio Venuti
Qualys Security Advisory – CVE-2017-1000367 in Sudo’s get_process_ttyname() for Linux
Piergiorgio Venuti
Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?
Piergiorgio Venuti
Microsoft Dynamic CRM 2016 – Cross-Site Scripting vulnerability
Piergiorgio Venuti
Executable installers are vulnerable^WEVIL (case 52): escalation of privilege with Microsoft’s .NET Framework installers
Piergiorgio Venuti
Reflected XSS in WordPress Download Manager could allow an attacker to do almost anything an admin can (WordPress plugin)
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability
Piergiorgio Venuti
[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation
Piergiorgio Venuti
Stealing Windows Credentials Using Google Chrome
Piergiorgio Venuti
WordPress EELV Newsletter v4.5 – Multiple Vulnerabilities
Piergiorgio Venuti
Ransomware & BaaS
Episodes like the one that happened yesterday remind us more and more of the importance of having a backup. Backup in Cloud can be a valuable countermeasure to Ransomware (to know more about Ransomware see the comprehensive guide about Ransomware from Cloudwards). https://www.nytimes.com/2017/05/13/world/asia/cyberattacks-online-security-.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region®ion=top-news&WT.nav=top-news&_r=0
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities
Piergiorgio Venuti
DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
Piergiorgio Venuti
CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
Piergiorgio Venuti
DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability
Piergiorgio Venuti
Two Factor Authentication
Two Factor Authentication Protect your Client Area with Two Factor Authentication via Google Authenticator Now you can protect your Client Area login with Google Authenticator so you will add and extra layer of security on your Cloud Account. Two Factor Authentication How to enable Google Authenticator on Secure Online Desktop account 1 Access to your Client Area and log in with your…
Alessandro Stesi
Cross-Site Scripting vulnerability in Trust Form WordPress Plugin
Piergiorgio Venuti
Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery
Piergiorgio Venuti
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
Piergiorgio Venuti
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
Piergiorgio Venuti
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
Piergiorgio Venuti
Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0
Piergiorgio Venuti
Cross-Site Request Forgery in WordPress Press This function allows DoS
Alessandro Stesi
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin
Alessandro Stesi
Cross-Site Request Forgery in Atahualpa WordPress Theme
Alessandro Stesi
Cross-Site Scripting in Magic Fields 1 WordPress Plugin
Alessandro Stesi
Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin
Alessandro Stesi
WordPress Adminer plugin allows public (local) database login
Alessandro Stesi
Cross-Site Request Forgery in WordPress Download Manager Plugin
Alessandro Stesi
Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability
Alessandro Stesi
Cross-Site Request Forgery in Global Content Blocks WordPress Plugin
Alessandro Stesi
Cross-Site Request Forgery in File Manager WordPress plugin
Alessandro Stesi
Cross-Site Scripting vulnerability in WP-Filebase Download Manager WordPress Plugin
Alessandro Stesi
Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting
Alessandro Stesi
Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field
Alessandro Stesi
Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability
Alessandro Stesi
WordPress Plugin Kama Click Counter 3.4.9 – Blind SQL Injection
Alessandro Stesi
WordPress Plugin Easy Table 1.6 – Persistent Cross-Site Scripting
Alessandro Stesi
Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
Alessandro Stesi
Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification
Alessandro Stesi
CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability
Alessandro Stesi
New exploit for new vulnerability in WordPress Plugin + tutorial
Alessandro Stesi
Nginx (Debian-based + Gentoo distros) – Root Privilege Escalation [CVE-2016-1247 UPDATE]
Alessandro Stesi
Multiple vulnerabilities in cPanel <= 60.0.34
Piergiorgio Venuti
MySQL / MariaDB / PerconaDB – Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]
Piergiorgio Venuti
Cross-Site Scripting in Check Email WordPress Plugin
Piergiorgio Venuti
Cross-Site Scripting in All In One WP Security & Firewall WordPress Plugin
Piergiorgio Venuti
Nginx (Debian-based distros) – Root Privilege Escalation Vulnerability (CVE-2016-1247)
Piergiorgio Venuti
Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin
Piergiorgio Venuti
Cross-Site Scripting in Calendar WordPress Plugin
Piergiorgio Venuti
Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin
Piergiorgio Venuti
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
Piergiorgio Venuti
MySQL / MariaDB / PerconaDB – Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
Piergiorgio Venuti
[oss-security] CVE request:Lynx invalid URL parsing with ‘?’
Share
RSS
More Articles…
- From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
- NIS: what it is and how it protects cybersecurity
- Advanced persistent threats (APTs): what they are and how to defend yourself
- Penetration Testing and MFA: A Dual Strategy to Maximize Security
- Penetration Testing: Where to Strike to Protect Your IT Network
- Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
- Why IT audit and log management are important for Cybersecurity
- Red Team, Blue Team and Purple Team: what are the differences?
Categories …
- Backup as a Service (18)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- Cyberfero (15)
- ICT Monitoring (5)
- Log Management (2)
- News (25)
- ownCloud (4)
- Privacy (7)
- Security (203)
- Cyber Threat Intelligence (CTI) (8)
- Deception (4)
- Ethical Phishing (11)
- Netwrix Auditor (2)
- Penetration Test (11)
- Posture Guard (3)
- SOCaaS (65)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Acronis Cloud Backup
BaaS
Backup
cloud
cloud computing
Cloud Conference
cloud provider reggio emilia
cloud server
cloud services
CTI
cyber security
cyber security
cyber threat
Cyber Threat Hunter
Data Exfiltration
GDPR
Machine Learning
Monitoraggio infrastruttura ICT
Next Generation SIEM
nextgen siem
online hosting
owncloud
owncloud
pentest
Phishing
Plesk
Ransomware
Ransomware
security
server virtuale
sicurezza
siem
Smart Working
SOAR
SOCaaS
Threat intelligence
UEBA
VDS
Virtual Machine
vps
vulnerability assessment
web hosting
webinar
Zabbix
Zabbix as a Service
Unknown Feed
Full Disclosure
- ESP-RFID-Tool v2 PRO — Full Public Disclosure April 29, 2026Posted by Milan Berger via Fulldisclosure on Apr 29# Security Advisory: ESP-RFID-Tool v2 PRO **Product:** ESP-RFID-Tool v2 PRO **Vendor:** Raik Schneider (Einstein2150), foto-video-it.de **Repository:** https://github.com/Einstein2150/ESP-RFID-Tool-v2 **Affected Version:** v2.2.1 (latest as of 2026-04-28) **Severity:** CRITICAL **Disclosure Type:** Full Public Disclosure **Disclosure Date:** 2026-04-28 **Researcher:** Milan 't4c' Berger --- ## Disclosure Timeline | Date | Event |...
- Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App April 29, 2026Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29*Update 2026-04-28:* The vendor contacted us and now provides a patched version v1.3.674 which can be obtained at the following URL: https://desktime.com/download
- SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App April 29, 2026Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29SEC Consult Vulnerability Lab Security Advisory < 20260427-0 > ======================================================================= title: Missing TLS Certificate Validation leading to RCE product: DeskTime Time Tracking App vulnerable version: 1.3.671 fixed version: - CVE number: CVE-2025-10539 impact: medium homepage:https://desktime.com...
- SEC Consult SA-20260423-0 :: DLL Hijacking in EfficientLab Controlio (cloud-based employee monitoring service) April 29, 2026Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29SEC Consult Vulnerability Lab Security Advisory < 20260423-0 > ======================================================================= title: DLL Hijacking product: EfficientLab Controlio (cloud-based employee monitoring service) vulnerable version:
- SEC Consult SA-20260421-0 :: Broken Access Control in Config Endpoint in LiteLLM April 29, 2026Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29SEC Consult Vulnerability Lab Security Advisory < 20260421-0 > ======================================================================= title: Broken Access Control in Config Endpoint product: LiteLLM vulnerable version:
- SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer April 29, 2026Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29SEC Consult Vulnerability Lab Security Advisory < 20260415-0 > ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA Cockpit & SAP HANA Database Explorer vulnerable version: HANA Cockpit
- APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8 April 29, 2026Posted by Apple Product Security via Fulldisclosure on Apr 29APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8 iOS 18.7.8 and iPadOS 18.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127003. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available for: iPhone […]
- APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2 April 29, 2026Posted by Apple Product Security via Fulldisclosure on Apr 29APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2 iOS 26.4.2 and iPadOS 26.4.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127002. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available for: iPhone […]
- Research: When Trusted Tools Become Attack Primitives April 29, 2026Posted by Nir Yehoshua on Apr 29Hi Full Disclosure list, I published a technical research article titled: When Trusted Tools Become Attack Primitives The article examines how trusted local utilities can become security-relevant primitives when used inside automated processing pipelines. It covers two case studies: 1. macOS textutil resolving remote resources during HTML-to-text conversion. 2. […]
- [KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability April 29, 2026Posted by Egidio Romano on Apr 29----------------------------------------------------------------- SocialEngine
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
{subscription_form_1}Products and Solutions
Partners
Cloud Models
News
- From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company May 6, 2024
- NIS: what it is and how it protects cybersecurity April 22, 2024
- Advanced persistent threats (APTs): what they are and how to defend yourself April 17, 2024
- Penetration Testing and MFA: A Dual Strategy to Maximize Security April 15, 2024
- Penetration Testing: Where to Strike to Protect Your IT Network March 25, 2024
Google Reviews
Riccardo Crocilli
14:02 22 Mar 19
Ho collaborato con Secure Online Desktop per importanti progetti IT. Si sono dimostrati negli anni partner seri, competenti e professionali , l' Azienda dimostra una grande esperienza maturata in tanti anni di consulenza e lavoro su contesti IT innovativi.
Davvero consigliata !!!!!
In particolare vorrei sottolineare la figura che piu’ racchiude e sintetizza le qualità della Secure Online Desktop , il suo AD Ing. Piergiorgio Venuti, professionista impagabile , sia dal punto di vista tecnico/organizzativo che soprattutto (e non dimeno) come persona , capace di gestire , risolvere e approcciare qualsivoglia attività/problematica, davvero un grande !!!!
Davvero consigliata !!!!!
In particolare vorrei sottolineare la figura che piu’ racchiude e sintetizza le qualità della Secure Online Desktop , il suo AD Ing. Piergiorgio Venuti, professionista impagabile , sia dal punto di vista tecnico/organizzativo che soprattutto (e non dimeno) come persona , capace di gestire , risolvere e approcciare qualsivoglia attività/problematica, davvero un grande !!!!
Filippo Scavone
13:39 22 Mar 19
Dopo anni di collaborazione confermo la professionalità, competenza ed affidabilità
clickday at2016
13:36 22 Mar 19
Con lo studio di consulenza di cui sono socio, ATS – CONSULENTI ASSOCIATI S.r.l., collaboriamo già da alcuni anni, in materia di Sicurezza informatica in ambito GDPR, con la Secure Online Desktop. Si sono dimostrati partner seri, competenti e professionali sia su clienti PMI sia su Grandi imprese.
Paolo Raimondi
11:08 21 Apr 18
La Polimatica Progetti Srl, azienda di cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR)
Claudia Cavatorta
21:45 20 Apr 18
Ormai da anni lavoriamo con Secure Online Desktop e ci siamo trovati sempre molto bene. L'Azienda ha dimostrato disponibilità costante nel risolvere problemi ed esigenze che nel nostro tipo di lavoro si presentano molto frequentemente. Sempre puntuali nell'implementare le modifiche richieste e propositivi riguardo a soluzioni che possano apportare migliorie ad un sistema già ottimale. Per quanto riguarda il prodotto: la piattaforma che abbiamo a disposizione funziona molto bene, la connessione è veloce e siamo sicuri di conservare i nostri dati in assoluta sicurezza.
Omid Fazeli
06:59 20 Apr 18
They have a lot of solutions for any kind of business. Lower prices than many others. The support service is always active and efficient.
Miki A.
13:47 16 Apr 18
Prodotti eccellenti, a partire dai classici hosting, sino a VPS e cloud strutturati.
Tempi veloci e staff preparato!
Tempi veloci e staff preparato!
Paolo Raimondi
11:06 21 Apr 18
recommendsLa Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more
Ilaria Miglietta
04:16 21 Apr 18
recommendsServizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more
Francesca Marastoni
11:41 20 Apr 18
recommendsExcellent service company with... wonderful stuff. Highly recommended.
Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Alessio Liga
08:25 20 Apr 18
recommendsServizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more
Ottimo supportoread more
Matteo Revelli
22:39 19 Apr 18
recommendsOttima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more
Lorenzo Munari
16:25 19 Apr 18
recommendsAzienda molto seria e... affidabile.
E' un piacere poter collaborare con realtà di questo tiporead more
E' un piacere poter collaborare con realtà di questo tiporead more
Francisco Amadi
10:41 19 Apr 18
recommendsHo avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more
Davide Michelotto
07:42 19 Apr 18
recommendsOttimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more
Luca Prati
10:12 18 Apr 18
recommendsAzienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
About
© 2024 Cyberfero s.r.l. All Rights Reserved. Sede Legale: via Statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Cod. fiscale e P.IVA 03058120357 – R.E.A. 356650 Informativa Privacy - Certificazioni ISO