Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SonicWALL Email Security 10.0.9.x HTTP Request privileges management

A vulnerability was found in SonicWALL Email Security 10.0.9.x (Anti-Malware Software). It has been declared as critical. This vulnerability affects an unknown code of the component HTTP Request Handler. There is no information about possible...
Author: VulDB

Online Book Store 1.0 admin.php sql injection

A vulnerability was found in Online Book Store 1.0. It has been classified as critical. This affects an unknown part of the file admin.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Larsens Calender Plugin up to 1.2 on WordPress titel cross site scripting

A vulnerability was found in Larsens Calender Plugin up to 1.2 on WordPress (WordPress Plugin) and classified as problematic. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Subrion CMS up to 4.2.1 Payment Gateway cross site scripting

A vulnerability has been found in Subrion CMS up to 4.2.1 (Content Management System) and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Payment Gateway. There is no information about...
Author: VulDB

Rukovoditel Project Management App 2.7.2 global_lists/choices sql injection

A vulnerability, which was classified as critical, was found in Rukovoditel Project Management App 2.7.2 (Project Management Software). Affected is an unknown function of the file global_lists/choices. There is no information about possible...
Author: VulDB

Rukovoditel Project Management App 2.7.2 access_rules/rules_form sql injection

A vulnerability, which was classified as critical, has been found in Rukovoditel Project Management App 2.7.2 (Project Management Software). This issue affects some unknown processing of the file access_rules/rules_form. There is no information...
Author: VulDB

Rukovoditel Project Management App 2.7.2 forms_fields_rules/rules cross-site request forgery

A vulnerability classified as problematic was found in Rukovoditel Project Management App 2.7.2 (Project Management Software). This vulnerability affects an unknown code block of the file forms_fields_rules/rules. There is no information about...
Author: VulDB

Dreamreport Dream Report 5 R20-2 CLSID access control

A vulnerability classified as critical has been found in Dreamreport Dream Report 5 R20-2 (Reporting Software). This affects an unknown code of the component CLSID Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Dreamreport Dream Report 5 R20-2 Binary backdoor

A vulnerability was found in Dreamreport Dream Report 5 R20-2 (Reporting Software). It has been rated as critical. Affected by this issue is an unknown part of the component Binary Handler. There is no information about possible countermeasures...
Author: VulDB

Dreamreport Dream Report 5 R20-2 Syncfusion Dashboard Service access control

A vulnerability was found in Dreamreport Dream Report 5 R20-2 (Reporting Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Syncfusion Dashboard Service. There is no...
Author: VulDB

IBM Spectrum Scale 5.1.0.1 Filesystem Audit Log unknown vulnerability

A vulnerability was found in IBM Spectrum Scale 5.1.0.1 (Network Attached Storage Software). It has been classified as problematic. Affected is an unknown functionality of the component Filesystem Audit Log. There is no information about possible...
Author: VulDB

Erlang OTP up to 23.2.2 erlsrv.exe access control

A vulnerability was found in Erlang OTP up to 23.2.2 and classified as critical. This issue affects an unknown function of the file erlsrv.exe. Upgrading to version 23.2.3 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Skyworth Digital Technology RN510 3.1.0.4 app-staticIP.asp unknown vulnerability

A vulnerability has been found in Skyworth Digital Technology RN510 3.1.0.4 and classified as problematic. This vulnerability affects some unknown processing of the file /cgi-bin/app-staticIP.asp. There is no information about possible...
Author: VulDB

Skyworth Digital Technology RN510 3.1.0.4 net-routeadd.asp cross-site request forgery

A vulnerability, which was classified as problematic, was found in Skyworth Digital Technology RN510 3.1.0.4. This affects an unknown code block of the file /cgi-bin/net-routeadd.asp. There is no information about possible countermeasures known....
Author: VulDB

Skyworth Digital Technology RN510 3.1.0.4 Wi-Fi test_version.asp access control

A vulnerability, which was classified as critical, has been found in Skyworth Digital Technology RN510 3.1.0.4. Affected by this issue is an unknown code of the file in/cgi-bin/test_version.asp of the component Wi-Fi Handler. There is no...
Author: VulDB

sopel-channelmgnt up to 2.0.0 on sopel Kick Command access control

A vulnerability classified as problematic was found in sopel-channelmgnt up to 2.0.0 on sopel. Affected by this vulnerability is an unknown part of the component Kick Command Handler. Upgrading to version 2.0.1 eliminates this vulnerability....
Author: VulDB

Unibox SMB/Enterprise Series/Campus Series 2.4 /tools/network-trace cross-site request forgery

A vulnerability classified as problematic has been found in Unibox SMB, Enterprise Series and Campus Series 2.4. Affected is some unknown functionality of the file /tools/network-trace. There is no information about possible countermeasures...
Author: VulDB

Unibox U-50/Enterprise Series/Campus Series 2.4 /tools/ping os command injection

A vulnerability was found in Unibox U-50, Enterprise Series and Campus Series 2.4. It has been rated as critical. This issue affects an unknown functionality of the file /tools/ping. There is no information about possible countermeasures known....
Author: VulDB

Wikimedia Parsoid up to 0.11.0/0.12.1 Wikitext Utils/WTUtils.php cross site scripting

A vulnerability was found in Wikimedia Parsoid up to 0.11.0/0.12.1 (Content Management System). It has been declared as problematic. This vulnerability affects an unknown function of the file Utils/WTUtils.php of the component Wikitext Handler....
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 isValidMoveTarget denial of service

A vulnerability was found in MediaWiki up to 1.31.11/1.35.1 (Content Management System). It has been classified as problematic. This affects the function MovePage::isValidMoveTarget. Upgrading to version 1.31.12 or 1.35.2 eliminates this...
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 Special:Contributions information disclosure

A vulnerability was found in MediaWiki up to 1.31.11/1.35.1 (Content Management System) and classified as problematic. Affected by this issue is an unknown code block of the file Special:Contributions. Upgrading to version 1.31.12 or 1.35.2...
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 ContentModelChange permission

A vulnerability has been found in MediaWiki up to 1.31.11/1.35.1 (Content Management System) and classified as critical. Affected by this vulnerability is the function ContentModelChange. Upgrading to version 1.31.12 or 1.35.2 eliminates this...
Author: VulDB

MediaWiki up to 1.31.12/1.35.1 API permission

A vulnerability, which was classified as critical, was found in MediaWiki up to 1.31.12/1.35.1 (Content Management System). Affected is an unknown part of the component API. Upgrading to version 1.31.13 or 1.35.2 eliminates this vulnerability.
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.13.4/8.15.0 Dashboard Gadgets Preference Resource authorization

A vulnerability, which was classified as critical, has been found in Atlassian JIRA Server and Data Center up to 8.13.4/8.15.0 (Bug Tracking Software). This issue affects some unknown functionality of the component Dashboard Gadgets Preference...
Author: VulDB

CERTFR-2021-AVI-248: Multiple vulnerabilities in Mozilla Thunderbird (09 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause a remote denial of service, a breach of data integrity, and a breach of data confidentiality.

Author: Cert FR

Information-security events