Sunday 21 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Microsoft File Checksum Integrity Verifier 2.05 DLL Loader fciv.exe privilege escalation

A vulnerability was found in Microsoft File Checksum Integrity Verifier 2.05. It has been classified as critical. Affected is an unknown function of the file fciv.exe of the component DLL Loader. The manipulation with an unknown input leads to a...
Author: VulDB

AudioCodes Mediant 500L-MSBR F7.20A Remote Services denial of service [Disputed]

A vulnerability has been found in AudioCodes Mediant 500L-MSBR, Mediant 500-MBSR, Mediant M800B-MSBR and Mediant 800C-MSBR F7.20A and classified as problematic. This vulnerability affects an unknown code block of the component Remote Services....
Author: VulDB

ExacqVision exacqVisionServer/dvrdhcpserver/mDNSResponder privilege escalation

A vulnerability, which was classified as critical, was found in ExacqVision exacqVisionServer, dvrdhcpserver and mDNSResponder (the affected version unknown). This affects an unknown code. The manipulation with an unknown input leads to a...
Author: VulDB

NVIDIA Jetson TX1 L4T up to R32.1 Tegra Bootloader Code Execution

A vulnerability, which was classified as critical, has been found in NVIDIA Jetson TX1 L4T up to R32.1. Affected by this issue is an unknown part of the component Tegra Bootloader. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Arduino up to Rev2 LED Side-Channel information disclosure

A vulnerability classified as problematic has been found in Arduino up to Rev2. Affected is an unknown functionality of the component LED Handler. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

dpic 2019.06.20 main.c wfloat() memory corruption

A vulnerability was found in dpic 2019.06.20. It has been rated as critical. This issue affects the function wfloat() of the file main.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based). Using CWE...
Author: VulDB

Icegram Email Subscribers & Newsletters Plugin up to 4.1.7 on WordPress sql injection

A vulnerability was found in Icegram Email Subscribers & Newsletters Plugin up to 4.1.7 on WordPress (WordPress Plugin). It has been declared as critical. This vulnerability affects some unknown processing. The manipulation with an unknown input...
Author: VulDB

wp-code-highlightjs Plugin up to 0.6.2 on WordPress options-general.php hljs_additional_css cross site scripting

A vulnerability was found in wp-code-highlightjs Plugin up to 0.6.2 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown code block of the file wp-admin/options-general.php?page=wp-code-highlight-js. The...
Author: VulDB

ProFTPD 1.3.5b mod_copy Remote Code Execution

A vulnerability was found in ProFTPD 1.3.5b (File Transfer Software) and classified as critical. Affected by this issue is an unknown code of the component mod_copy. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

ZeroShell 3.9.0 Web Application HTTP Parameter OS Command Injection privilege escalation

A vulnerability has been found in ZeroShell 3.9.0 and classified as critical. Affected by this vulnerability is an unknown part of the component Web Application. The manipulation as part of a HTTP Parameter leads to a privilege escalation...
Author: VulDB

HPE IceWall SSO Agent Option/IceWall MFA denial of service [CVE-2019-11990]

A vulnerability, which was classified as problematic, was found in HPE IceWall SSO Agent Option and IceWall MFA (version unknown). Affected is some unknown functionality. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

HPE IceWall SSO Agent Option/IceWall MFA denial of service [CVE-2019-11989]

A vulnerability, which was classified as problematic, has been found in HPE IceWall SSO Agent Option and IceWall MFA (unknown version). This issue affects an unknown functionality. The manipulation with an unknown input leads to a denial of...
Author: VulDB

PrinterOn Central Print Services up to 4.1.4 Core Components POST Request privilege escalation

A vulnerability classified as critical was found in PrinterOn Central Print Services up to 4.1.4. This vulnerability affects an unknown function of the component Core Components. The manipulation as part of a POST Request leads to a privilege...
Author: VulDB

AudioCodes Mediant 500L-MSBR F7.20A Internal Interface Password weak authentication

A vulnerability was found in AudioCodes Mediant 500L-MSBR, Mediant 500-MBSR, Mediant M800B-MSBR and Mediant 800C-MSBR F7.20A and classified as critical. This issue affects some unknown processing of the component Internal Interface. The...
Author: VulDB

Palo Alto PAN-OS up to 7.1.18/8.0.11/8.1.2 GlobalProtect Portal/GlobalProtect Gateway Remote Code Execution

A vulnerability classified as critical was found in Palo Alto PAN-OS up to 7.1.18/8.0.11/8.1.2. Affected by this vulnerability is some unknown functionality of the component GlobalProtect Portal/GlobalProtect Gateway. The manipulation with an...
Author: VulDB

Directus 7 API File Upload privilege escalation

A vulnerability classified as critical has been found in Directus 7. This affects some unknown processing of the component API. The manipulation with an unknown input leads to a privilege escalation vulnerability (File Upload). CWE is...
Author: VulDB

Directus 7 API AuthService.php weak authentication

A vulnerability was found in Directus 7. It has been rated as critical. Affected by this issue is an unknown code block of the file core/Directus/Services/AuthService.php of the component API. The manipulation with an unknown input leads to a...
Author: VulDB

Directus up to 7.6.x Markdown input.vue cross site scripting

A vulnerability was found in Directus up to 7.6.x. It has been declared as problematic. Affected by this vulnerability is an unknown code of the file interfaces/markdown/input.vue of the component Markdown Handler. The manipulation with an...
Author: VulDB

Directus 7 API uploads/_/originals/ information disclosure

A vulnerability was found in Directus 7. It has been classified as problematic. Affected is an unknown part of the file uploads/_/originals/ of the component API. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Directus 7 API uploads/_/originals Code Execution

A vulnerability was found in Directus 7 and classified as critical. This issue affects some unknown functionality of the file uploads/_/originals of the component API. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Directus 7 API uploads/_/originals PHP File Code Execution

A vulnerability has been found in Directus 7 and classified as critical. This vulnerability affects an unknown functionality of the file uploads/_/originals of the component API. The manipulation as part of a PHP File leads to a privilege...
Author: VulDB

Elcom CMS up to 10.6 EventSearchByState.aspx sql injection

A vulnerability, which was classified as critical, was found in Elcom CMS up to 10.6 (Content Management System). This affects an unknown function of the file EventSearchByState.aspx. The manipulation with an unknown input leads to a sql...
Author: VulDB

Shenzhen Jisiwei i3 Robot Vacuum Cleaner App QR Code weak authentication

A vulnerability classified as critical was found in Shenzhen Jisiwei i3 Robot Vacuum Cleaner (affected version unknown). Affected by this vulnerability is an unknown code block of the component App. The manipulation with an unknown input leads...
Author: VulDB

Shenzhen Jisiwei i3 Robot Vacuum Cleaner App Cleartext weak encryption

A vulnerability classified as critical has been found in Shenzhen Jisiwei i3 Robot Vacuum Cleaner (version unknown). Affected is an unknown code of the component App. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

Microstrategy Web up to 10.1 Patch 9 FLTB Stored cross site scripting

A vulnerability was found in Microstrategy Web up to 10.1 Patch 9. It has been rated as problematic. This issue affects an unknown part. The manipulation of the argument FLTB as part of a Parameter leads to a cross site scripting vulnerability...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the site dedicated to the event.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring to life this event, unique in France. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises stand more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which never stops evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment with more talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the site dedicated to the event.
