Cybersecurity Research Center
CyRC Vulnerability Advisory: CVE-2023-2453 Local File Inclusion in Forum Infusion and CVE-2023-4480 Arbitrary File Read in Fusion File Manager
Synopsys researcher discovers vulnerabilities CVE-2023-2453, CVE-2023-4480 in PHPFusion. ...
CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon
CVE-2023-0871 is an XML External Entity injection vulnerability in OpenNMS Horizon. Overview: The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-0871, an XML External Entity injection vulnerability, in OpenNMS Horizon ...
CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows
Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. Overview: The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability ...
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
CVE-2023-25828 vulnerability: history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS. Summary: CVE-2023-25828, tracked in the Black Duck KnowledgeBase™ as BDSA-2023-0370, is an ...
CyRC Vulnerability Advisory: CVE-2023-25826 and CVE-2023-25827 in OpenTSDB
Synopsys Cybersecurity Research Center discovers new RCE vulnerability and cross-site scripting vulnerability in OpenTSDB. Overview: The Synopsys Cybersecurity Research Center (CyRC) has discovered a remote command execution vulnerability (CVE-2023-25826), and a reflected ...
OWASP Top 10: Security misconfiguration
Listed at #5 in the OWASP Top 10 list, security misconfiguration refers to vulnerabilities that result from an application’s configuration. ...
CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS
Synopsys Cybersecurity Research Center discovers new RCE vulnerability that can leave Pluck Content Management System vulnerable ...
OWASP Top 10: Cryptographic failures
Listed as #2 on the OWASP Top 10 list, cryptographic failures expose sensitive data due to a lack of or weak encryption ...
CyRC special report: Secure apps? Don’t bet on it
The Cybersecurity Research Center conducted a security analysis of the 10 most popular Android sports and betting apps ...
CyRC Special Report: How companies fared in the aftermath of Log4Shell
We examine the Log4Shell disclosure through the lens of the Black Duck Knowledge Base to understand how organizations respond to high-profile vulnerabilities ...