News
Advisory
Hardware Lab
Career
Products
EXPLIoT CloudFuzz

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Close the overlay

I am looking for
Please click one!

Report ID Title Reported On Publish On CVE-ID
PS54 Command Injection in GitHub repository Nuitka/Nuitka prior to 0.9. 04-Jun-2022 05-Jun-2022 CVE-2022-2054
PS53 Privilege Escalation in Konga v0.14.9 16-Oct-2021 04-May-2022 CVE-2021-42192
PS52 Code Injection in pytorch-lightning prior to 1.6.0 03-Mar-2022 04-Mar-2022 CVE-2022-0845
PS51 Lack of Bluetooth LE pairing and access control in Fastrack reflex 2.0 activity tracker 17-Nov-2020 30-Jun-2021 CVE-2021-35952
PS50 Open Serial debug port Allows Dumping, and re- flashing Firmware in Fastrack reflex 2.0 activity tracker 17-Nov-2020 30-Jun-2021 CVE-2021-35954.
PS49 Denial of service (Device Crashing) on Fastrack reflex 2.0 activity tracker 17-Nov-2020 30-Jun-2021 CVE-2021-35953
PS48 Unauthenticated Firmware Update in Fastrack Reflex 2.0 Activity Tracker 17-Nov-2020 30-Jun-2021 CVE-2021-35951
PS47 Remote Code Execution In JsonPickle Python Module 13-Aug-2020 17-Dec-2020 CVE-2020-22083
PS46 CSRF leads to pages deletion 20-Jun-2020 10-Oct-2020 CVE-2020-25262
PS45 CSRF leads to plugin's deletion 20-Jun-2020 10-Oct-2020 CVE-2020-25263
PS44 HiveMQ MQTT broker - XSS Over MQTT 18-May-2020 25-Aug-2020 CVE-2020-13821
PS43 Lack of Bluetooth LE Encryption and Access Control in Dr,Trust ECG/EKG Pen 22-Jun-2020 22-Jul-2020 CVE-2020-15486
PS42 Lack of Medical data encryption in Dr.Trust ECG-EKG Pen 22-Jun-2020 22-Jul-2020 CVE-2020-15485
PS41 Unauthenticated UART root shell in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15483
PS40 Unauthenticated telnet service in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15482
PS39 Lack of medical data encryption in niscomed patient Monitor 22-Jun-2020 22-Jul-2020 CVE-2020-15484
PS38 Apache Artemis - XSS Over MQTT 20-May-2020 20-Jul-2020 CVE-2020-13932
PS37 Safari reader same origin policy (SOP) bypass 19-Apr-2020 15-Jul-2020 CVE-2020-9911
PS36 Safari reader download permission bypass 19-Apr-2020 15-Jul-2020 CVE-2020-9912
PS35 Safari Login AutoFill 22-Mar-2020 15-Jul-2020 CVE-2020-9903
PS34 DoS in aedes MQTT broker 18-May-2020 22-May-2020 CVE-2020-13410
PS33 TrendNet wireless camera buffer overflow vulneribility 13-Jan-2020 11-May-2020 CVE-2020-12763
PS32 Safari video permission spoof 05-Aug-2019 25-Mar-2020 CVE-2020-9781
PS31 WebKit - AXObjectCache - m_deferredFocusedNodeChange - UaF 19-Nov-2019 12-Mar-2020 CVE-2020-10018
PS30 Reflected XSS in GTranslate wordpress plugin 10-Feb-2020 18-Feb-2020 CVE-2020-11930
PS29 massCode Code execution 01-Feb-2020 04-Feb-2020 CVE-2020-8548
PS28 Safari Address Bar Spoof 11-Oct-2019 29-Jan-2020 CVE-2020-3833
PS27 Firefox IOS QR Code Reader XSS 18-Jul-2019 10-Dec-2019 CVE-2019-17003
PS26 Microsoft Edge Elevation of Privilege Vulnerability 28-Nov-2018 03-Dec-2019 CVE-2019-0678
PS25 Adobe Reader Out-Of-Bounds Read Information Disclosure Vulnerability 08-Jan-2018 01-Oct-2018 CVE-2018-15968
PS24 Opera Mini Location Permission Spoof 02-Aug-2018 18-Aug-2018 CVE-2018-16135
PS23 Foxit Reader - CPDF_Parser::m_pCryptoHandler - Use After Free - RCE 08-Jan-2018 16-Aug-2018 CVE-2018-14442
PS22 jscript.dll - ActiveXObject BSTR - Use After Free 09-Jan-2018 14-Aug-2018 CVE-2018-8389
PS21 Adobe Acrobat Reader Heap Overflow Remote Code Execution Vulnerability 08-Jan-2018 10-Jul-2018 CVE-2018-12798
PS20 Foxit Reader CPDF_Object Use-After-Free Remote Code Execution Vulnerability 19-Jan-2018 20-Apr-2018 CVE-2018-9951
PS19 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 19-Jan-2018 20-Apr-2018 CVE-2018-9950
PS18 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 18-May-2017 07-Jul-2017 CVE-2017-10943
PS17 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 01-Jun-2017 07-Jul-2017 CVE-2017-10944
PS16 Foxit Reader – Uninitialized Memory – Arbitrary Write Vulnerability 05-May-2017 07-Jul-2017 CVE-2017-10994
PS15 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 18-May-2017 07-Jul-2017 CVE-2017-10942
PS14 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 22-Feb-2017 09-Mar-2017 CVE-2017-8455
PS13 Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 03-Jan-2017 09-Mar-2017 CVE-2017-8453
PS12 Out of Bounds Write Heap Buffer Google Chrome PDFium 25-Nov-2016 09-Mar-2017 CVE-2017-5032
PS11 Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 03-Jan-2017 09-Mar-2017 CVE-2017-8454
PS10 Memory Corruption Mach-O 2 25-Jun-2016 05-Aug-2016 CVE-2017-8775
PS9 Non-ASLR & DEP Modules 09-Jun-2016 01-Aug-2016 CVE-2017-8776
PS8 Insecure Libray Loading 09-Jun-2016 01-Aug-2016
PS7 OOB Write Heap Buffer dwCompressionSize MS-WIM 13-Jul-2016 20-Jul-2016 CVE-2017-8773
PS6 Memory Corruption Mach-O 1 25-Jun-2016 11-Jul-2016 CVE-2017-8774
PS5 OOB Write Stack Buffer LC_UNIXTHREAD.cmdsize Mach-O 09-Jun-2016 11-Jun-2016 CVE-2017-5005
PS4 Adobe Reader Type Confusion - Memory Corruption Vulnerability 05-Dec-2016 06-Apr-2016 CVE-2017-3038
PS3 Microsoft Internet Explorer CDOMStringDataList::InitFromString Out-Of-Bounds Indexing Information Disclosure Vulnerability 08-Sep-2015 10-Nov-2015 CVE-2015-6086
PS2 Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App 25-May-2015 05-Jun-2015 CVE-2015-4080
PS1 CVE-2014-8446 – Adobe Acrobat/Reader – Memory Corruption 15-May-2014 09-Dec-2014 CVE-2014-8446

All Blogs ›  Latest Blogs

gagan.aggarwal
24/11/2022

Understand the Data Protection Bill 2022 in under 5 minutes

This blog contains a summary of the bill and what organizations need to keep in mind before collecting personal data of their customers....
p3n7a90n
14/10/2022

Code Injection and SQLi in WP ALL Export Pro

This blog contains details on finding Code Injection and SQLi in WP All Export Pro(CVE-2022-3394 and CVE-2022-3395). ...
gagan.aggarwal
03/10/2022

Starters Guide To Cyber Threat Intelligence

This blog explains what CTI is and how it works and its basic components...

All News ›  Latest News

Talk, Online
28-May-2022

Aseem Jakhar will be giving a talk at cyberstartersconference.
Workshop, Online
13-May-2022

Kartheek Lade will be conducting a workshop on “Car hacking 101”
Webinar, Online
29-April-2022

Amit prajapat will be delivering a webinar on “Gaining Access to Protected Components In Android”.