Wednesday 22 May 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Open Ticket Request System up to 5.0.34/6.0.17/7.0.6 Report directory traversal

A vulnerability was found in Open Ticket Request System up to 5.0.34/6.0.17/7.0.6. It has been declared as critical. This vulnerability affects a code block of the component Report Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Open Ticket Request System URL cross site scripting [CVE-2019-10067]

A vulnerability was found in Open Ticket Request System (the affected version unknown). It has been classified as problematic. This affects code of the component URL Handler. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Agent Appointment cross site scripting

A vulnerability was found in Open Ticket Request System and OTRSAppointmentCalendar (affected version not known) and classified as problematic. Affected by this issue is a part of the component Agent Handler. The manipulation as part of a...
Author: VulDB

CERTFR-2019-AVI-236: Multiple vulnerabilities in Mozilla Firefox (22 May 2019)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a circumvention of the policy of...
Author: Cert FR

WSO2 API Manager 2.6.0 File Upload privilege escalation

A vulnerability has been found in WSO2 API Manager 2.6.0 and classified as critical. Affected by this vulnerability is a functionality of the component File Upload. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Opentext Brava! Enterprise/Brava! Server up to 16.4 on Windows Permission Cache File privilege escalation

A vulnerability, which was classified as critical, was found in Opentext Brava! Enterprise and Brava! Server up to 16.4 on Windows. Affected is a function of the component Permission. The manipulation as part of a Cache File leads to a privilege...
Author: VulDB

Enigmail up to 2.0.10 PGP Signature Message spoofing

A vulnerability, which was classified as critical, has been found in Enigmail up to 2.0.10. This issue affects some functionality of the component PGP Signature Handler. The manipulation as part of a Message leads to a spoofing vulnerability....
Author: VulDB

Zoho ManageEngine ServiceDesk Plus up to 10.5 SDNotify.do String privilege escalation

A vulnerability classified as critical was found in Zoho ManageEngine ServiceDesk Plus up to 10.5. This vulnerability affects the functionality of the file SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id. The manipulation as...
Author: VulDB

CentOS-WebPanel.com CentOS Web Panel up to 0.9.8.747 fm_current_dir/filename cross site scripting

A vulnerability classified as problematic has been found in CentOS-WebPanel.com CentOS Web Panel up to 0.9.8.747. This affects an unknown function of the file CentOS-WebPanel.com. The manipulation of the argument fm_current_dir/filename as part...
Author: VulDB

Zoho ManageEngine ServiceDesk Plus 9.3 SearchN.do search cross site scripting

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus 9.3. It has been rated as problematic. Affected by this issue is some processing of the file SearchN.do. The manipulation of the argument search with an unknown input leads to a...
Author: VulDB

My Little Forum up to 2.4.19 Post cross site request forgery

A vulnerability was found in My Little Forum up to 2.4.19 (Forum Software). It has been declared as problematic. Affected by this vulnerability is a code block of the component Post Handler. The manipulation with an unknown input leads to a...
Author: VulDB

UCMS 1.4.7 sadmin/ceditpost.php cvalue sql injection

A vulnerability was found in UCMS 1.4.7. It has been classified as critical. Affected is code of the file sadmin/ceditpost.php. The manipulation of the argument cvalue as part of a Parameter leads to a sql injection vulnerability. CWE is...
Author: VulDB

IdentityServer4 up to 2.4 RequestLoggerMiddleware.cs LogForErrorContext Request cross site scripting

A vulnerability was found in IdentityServer4 up to 2.4 and classified as problematic. This issue affects the function LogForErrorContext of the file host/Extensions/RequestLoggerMiddleware.cs. The manipulation as part of a Request leads to a...
Author: VulDB

Mozilla Releases Security Updates for Firefox

Original release date: May 21, 2019. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Credentials Plugin up to 2.1.18 on Jenkins information disclosure

A vulnerability has been found in Credentials Plugin up to 2.1.18 on Jenkins (Plugin Software) and classified as problematic. This vulnerability affects a functionality. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

PAM Authentication Plugin up to 1.5 on Jenkins PamSecurityRealm.DescriptorImpl#doTest information disclosure

A vulnerability, which was classified as problematic, was found in PAM Authentication Plugin up to 1.5 on Jenkins (Plugin Software). This affects a function of the file PamSecurityRealm.DescriptorImpl#doTest. The manipulation with an unknown...
Author: VulDB

CERTFR-2019-AVI-235: Multiple vulnerabilities in Moodle (21 May 2019)

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to bypass the security policy and compromise data confidentiality.

Author: Cert FR

BMC Patrol Agent up to 11.3.01 Encryption Key weak encryption

A vulnerability, which was classified as critical, has been found in BMC Patrol Agent up to 11.3.01. Affected by this issue is some functionality of the component Encryption Key. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

IBM Storwize V7000 1.6 Configuration Version information disclosure

A vulnerability classified as problematic was found in IBM Storwize V7000 1.6. Affected by this vulnerability is the functionality of the component Configuration. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

IBM BigFix Platform 9.2/9.5 User Interface privilege escalation

A vulnerability classified as critical has been found in IBM BigFix Platform 9.2/9.5. Affected is an unknown function of the component User Interface. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

IBM BigFix Platform 9.2/9.5 Web UI cross site scripting

A vulnerability was found in IBM BigFix Platform 9.2/9.5. It has been rated as problematic. This issue affects some processing of the component Web UI. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using...
Author: VulDB

Carts Guru Plugin 1.4.5 on WordPress Deserialization wc-cartsguru-event-handler.php Cookie unknown vulnerability

A vulnerability was found in Carts Guru Plugin 1.4.5 on WordPress (Plugin Software). It has been declared as critical. This vulnerability affects a code block of the file classes/wc-cartsguru-event-handler.php of the component Deserialization....
Author: VulDB

Virim Plugin 0.4 on WordPress Deserialization graph.php s_values/t_values/c_values unknown vulnerability

A vulnerability was found in Virim Plugin 0.4 on WordPress (Plugin Software). It has been classified as critical. This affects code of the file graph.php of the component Deserialization. The manipulation of the argument...
Author: VulDB

WP Booking System 1.5.1 on WordPress sql injection [CVE-2019-12239]

A vulnerability was found in WP Booking System 1.5.1 on WordPress (WordPress Plugin) and classified as critical. Affected by this issue is a part. The manipulation with an unknown input leads to a sql injection vulnerability. Using CWE to...
Author: VulDB

Simple DirectMedia Layer 2.0.9 libSDL2.a SDL_InvalidateMap memory corruption

A vulnerability has been found in Simple DirectMedia Layer 2.0.9 and classified as critical. Affected by this vulnerability is the function SDL_InvalidateMap of the file libSDL2.a. The manipulation with an unknown input leads to a memory...
Author: VulDB

Information security events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organised by DG Consultants.

Presentation of the event by the organiser

DG Consultants, organiser of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business event centred on the convergence of technologies and the customer experience.
Why this new event?
Because demand is exploding from companies, which are all engaged in digital transformation.
Meanwhile, vendors are evolving their offerings and organising themselves into technology ecosystems in order to be as close as possible to their customers' needs.
Between business imperatives, demands from business units, technical constraints and the promises of new concepts (AI, blockchain…), organisations are waiting for solutions, advice and service.
Commit to the cloud?
Yes, but how and with which partner?
Structure data, but with which technologies and within what framework? And what about security, which must now be at the heart of all IT processes?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the important players in IT, as well as the start-ups that know how to bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the website dedicated to the event.


HACK IN PARIS

For its 9th edition, the Hack In Paris conference on IT security is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organised by Sysdream.
