Thursday 24 October 2019

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VU#766427: Multiple D-Link routers vulnerable to remote command execution

Several D-Link routers contain CGI capability that is exposed to users as /apply_sec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: The /apply_sec.cgi code is exposed to unauthenticated users. The...
Author: US Cert

FBI Releases Article on Defending Against E-Skimming

Original release date: October 23, 2019. The Federal Bureau of Investigation (FBI) has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit...
Author: US Cert

Beware of Stalking Apps

Original release date: October 23, 2019. The Federal Trade Commission (FTC) has released an article warning consumers of “stalking apps”—spyware that secretly monitors smartphones. These apps can share information like call history, text messages,...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: October 23, 2019. Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Author: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: October 23, 2019. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

Juniper Networks Releases Junos OS Security Advisory

Original release date: October 23, 2019. Juniper Networks has released a security update to address a vulnerability in Junos OS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Author: US Cert

CERTFR-2019-AVI-532: Multiple vulnerabilities in Mozilla Firefox (23 October 2019)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2019-AVI-531: Multiple vulnerabilities in Google Chrome (23 October 2019)

Multiple vulnerabilities have been discovered in Google Chrome. Some of them allow an attacker to cause a security problem not specified by the vendor, a bypass of the security policy and a breach of...
Author: Cert FR

CERTFR-2019-AVI-530: Multiple vulnerabilities in the SUSE Linux kernel (23 October 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2019-AVI-529: Vulnerability in Tenable Nessus (23 October 2019)

A vulnerability has been discovered in Tenable Nessus. It allows an attacker to cause a remote denial of service.
Author: Cert FR

Adobe Experience Manager Forms 6.3/6.4/6.5 Reflected cross site scripting

A vulnerability was found in Adobe Experience Manager Forms 6.3/6.4/6.5 (Content Management System) and classified as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may...
Author: VulDB

totemodata 3.0.0_b936 Folder Name cross site scripting

A vulnerability has been found in totemodata 3.0.0_b936 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Folder Name Handler. There is no information about possible countermeasures known....
Author: VulDB

FusionPBX up to 4.5.7 contact_edit.php query_string cross site scripting

A vulnerability, which was classified as problematic, was found in FusionPBX up to 4.5.7. Affected is an unknown code block of the file app\contacts\contact_edit.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

FusionPBX up to 4.5.7 contact_addresses.php id cross site scripting

A vulnerability, which was classified as problematic, has been found in FusionPBX up to 4.5.7. This issue affects an unknown code of the file app\contacts\contact_addresses.php. There is no information about possible countermeasures known. It may...
Author: VulDB

FusionPBX up to 4.5.7 messages_thread.php contact_uuid cross site scripting

A vulnerability classified as problematic was found in FusionPBX up to 4.5.7. This vulnerability affects an unknown part of the file app\messages\messages_thread.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Loofah Gem up to 2.3.0 on Ruby SVG Element cross site scripting

A vulnerability classified as problematic has been found in Loofah Gem up to 2.3.0 on Ruby. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Artificial Intelligence Theme up to 1.2.3 on WordPress HTML File cross site scripting

A vulnerability was found in Artificial Intelligence Theme up to 1.2.3 on WordPress. It has been rated as problematic. Affected by this issue is an unknown functionality. Upgrading to version 1.2.4 eliminates this vulnerability.
Author: VulDB

Exquisite Ultimate Newspaper Theme 1.3.3 on WordPress jquery.foundation.plugins.js cross site scripting

A vulnerability was found in Exquisite Ultimate Newspaper Theme 1.3.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file assets/js/jquery.foundation.plugins.js. There is no...
Author: VulDB

Showbiz Pro Plugin up to 1.7.1 on WordPress ZIP Archive PHP Code Execution privilege escalation

A vulnerability was found in Showbiz Pro Plugin up to 1.7.1 on WordPress. It has been classified as critical. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

wps-hide-login Plugin up to 1.0 on WordPress Option Save cross site request forgery

A vulnerability was found in wps-hide-login Plugin up to 1.0 on WordPress and classified as problematic. This issue affects an unknown code block of the component Option Save Handler. Upgrading to version 1.1 eliminates this vulnerability.
Author: VulDB

ad-inserter Plugin up to 1.5.2 on WordPress options-general.php cross site request forgery

A vulnerability has been found in ad-inserter Plugin up to 1.5.2 on WordPress and classified as problematic. This vulnerability affects an unknown code of the file wp-admin/options-general.php?page=ad-inserter.php. Upgrading to version 1.5.3...
Author: VulDB

freshmail-newsletter Plugin up to 1.5 on WordPress shortcode.php Shortcode sql injection

A vulnerability, which was classified as critical, was found in freshmail-newsletter Plugin up to 1.5 on WordPress. This affects an unknown part of the file shortcode.php. Upgrading to version 1.6 eliminates this vulnerability.
Author: VulDB

syndication-links Plugin up to 1.0.2 on WordPress genericons/example.html cross site scripting

A vulnerability, which was classified as problematic, has been found in syndication-links Plugin up to 1.0.2 on WordPress. Affected by this issue is some unknown functionality of the file genericons/example.html. Upgrading to version 1.0.3...
Author: VulDB

indieweb-post-kinds Plugin up to 1.3.1.0 on WordPress genericons/example.html cross site scripting

A vulnerability classified as problematic was found in indieweb-post-kinds Plugin up to 1.3.1.0 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown functionality of the file genericons/example.html. Upgrading to version...
Author: VulDB

my-wish-list Plugin up to 1.4.1 on WordPress cross site scripting

A vulnerability classified as problematic has been found in my-wish-list Plugin up to 1.4.1 on WordPress (WordPress Plugin). Affected is an unknown function. Upgrading to version 1.4.2 eliminates this vulnerability.
Author: VulDB

Information systems security (SSI) events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité occupies the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
