Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Close the overlay

I am looking for
Please click one!

Report ID Title Reporeted On Publish On CVE-ID
PS46 cross-site request forgery (CSRF) in PyroCMS 20-Jun-2020 10-Oct-2020 CVE-2020-25263
PS45 CSRF leads to pages deletion 20-Jun-2020 10-Oct-2020 CVE-2020-25262
PS44 HiveMQ MQTT broker - XSS Over MQTT 18-May-2020 25-Aug-2020 CVE-2020-13821
PS43 Unauthenticated telnet service in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15482
PS42 Unauthenticated UART root shell in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15483
PS41 Lack of medical data encryption in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15484
PS40 Lack of Bluetooth LE Encryption and Access Control in Dr,Trust ECG/EKG Pen 22-Jun-2020 22-Jul-2020 CVE-2020-15486
PS39 Lack of Medical data encryption in Dr.Trust ECG-EKG Pen 22-Jun-2020 22-Jul-2020 CVE-2020-15485
PS38 Apache Artemis - XSS Over MQTT 20-May-2020 20-Jul-2020 CVE-2020-13932
PS37 Safari Login AutoFill 22-Mar-2020 15-Jul-2020 CVE-2020-9903
PS36 Safari reader same origin policy (SOP) bypass 19-Apr-2020 15-Jul-2020 CVE-2020-9911
PS35 Safari reader download permission bypass 19-Apr-2020 15-Jul-2020 CVE-2020-9912
PS34 DoS in aedes MQTT broker 18-May-2020 22-May-2020 CVE-2020-13410
PS33 TrendNet wireless camera buffer overflow vulneribility 13-Jan-2020 11-May-2020 CVE-2020-12763
PS32 Safari video permission spoof 05-Aug-2019 25-Mar-2020 CVE-2020-9781
PS31 WebKit - AXObjectCache - m_deferredFocusedNodeChange - UaF 19-Nov-2019 12-Mar-2020 CVE-2020-10018
PS30 Reflected XSS in GTranslate wordpress plugin 10-Feb-2020 18-Feb-2020 CVE-2020-11930
PS29 massCode Code execution 01-Feb-2020 04-Feb-2020 CVE-2020-8548
PS28 Safari Address Bar Spoof 11-Oct-2019 29-Jan-2020 CVE-2020-3833
PS27 Firefox IOS QR Code Reader XSS 18-Jul-2019 10-Dec-2019 CVE-2019-17003
PS26 Microsoft Edge Elevation of Privilege Vulnerability 28-Nov-2018 03-Dec-2019 CVE-2019-0678
PS25 Adobe Reader Out-Of-Bounds Read Information Disclosure Vulnerability 08-Jan-2018 01-Oct-2018 CVE-2018-15968
PS24 Opera Mini Location Permission Spoof 02-Aug-2018 18-Aug-2018 CVE-2018-16135
PS23 Foxit Reader - CPDF_Parser::m_pCryptoHandler - Use After Free - RCE 08-Jan-2018 16-Aug-2018 CVE-2018-14442
PS22 jscript.dll - ActiveXObject BSTR - Use After Free 09-Jan-2018 14-Aug-2018 CVE-2018-8389
PS21 Adobe Acrobat Reader Heap Overflow Remote Code Execution Vulnerability 08-Jan-2018 10-Jul-2018 CVE-2018-12798
PS20 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 19-Jan-2018 20-Apr-2018 CVE-2018-9950
PS19 Foxit Reader CPDF_Object Use-After-Free Remote Code Execution Vulnerability 19-Jan-2018 20-Apr-2018 CVE-2018-9951
PS18 Foxit Reader – Uninitialized Memory – Arbitrary Write Vulnerability 05-May-2017 07-Jul-2017 CVE-2017-10994
PS17 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 18-May-2017 07-Jul-2017 CVE-2017-10942
PS16 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 01-Jun-2017 07-Jul-2017 CVE-2017-10944
PS15 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 18-May-2017 07-Jul-2017 CVE-2017-10943
PS14 Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 03-Jan-2017 09-Mar-2017 CVE-2017-8453
PS13 Out of Bounds Write Heap Buffer Google Chrome PDFium 25-Nov-2016 09-Mar-2017 CVE-2017-5032
PS12 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 22-Feb-2017 09-Mar-2017 CVE-2017-8455
PS11 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 03-Jan-2017 09-Mar-2017 CVE-2017-8454
PS10 Memory Corruption Mach-O 2 25-Jun-2016 05-Aug-2016 CVE-2017-8775
PS9 Non-ASLR & DEP Modules 09-Jun-2016 01-Aug-2016 CVE-2017-8776
PS8 Insecure Libray Loading 09-Jun-2016 01-Aug-2016
PS7 OOB Write Heap Buffer dwCompressionSize MS-WIM 13-Jul-2016 20-Jul-2016 CVE-2017-8773
PS6 Memory Corruption Mach-O 1 25-Jun-2016 11-Jul-2016 CVE-2017-8774
PS5 OOB Write Stack Buffer LC_UNIXTHREAD.cmdsize Mach-O 09-Jun-2016 11-Jun-2016 CVE-2017-5005
PS4 Adobe Reader Type Confusion - Memory Corruption Vulnerability 05-Dec-2016 06-Apr-2016 CVE-2017-3038
PS3 Microsoft Internet Explorer CDOMStringDataList::InitFromString Out-Of-Bounds Indexing Information Disclosure Vulnerability 08-Sep-2015 10-Nov-2015 CVE-2015-6086
PS2 Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App 25-May-2015 05-Jun-2015 CVE-2015-4080
PS1 CVE-2014-8446 – Adobe Acrobat/Reader – Memory Corruption 15-May-2014 09-Dec-2014 CVE-2014-8446

All Blogs ›  Latest Blogs

23/11/2020
surendra

Strengthening Cybersecurity in a Remote Work Environment

14/10/2020
asmita-jha

IoT Security - Part 18 (101 - Hardware Attack Surface: JTAG, SWD)

14/10/2020
surendra

How to get maximum value out of your security investment

All News ›  Latest News

Webinar, Online
27-November-2020

Munawwar Hussain Shelia will be giving a talk on “The Art & Craft of writing ARM shellcode”.

Talk, Online
26-November-2020

Asmita Jha will be giving a talk on “Secure IoT product development with an understanding of the attacker’s perspective” at Nullcon Masterclass for Developers

Virtual Event
18-November-2020

Munawwar Hussain Shelia will be speaking at HITB Cyber Week on the topic Writing Bare-Metal ARM Shellcode