jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

imcat 4.4 check.php information disclosure

A vulnerability has been found in imcat 4.4 and classified as problematic. Affected by this vulnerability is a functionality of the file root/tools/adbug/check.php. The manipulation with an unknown input leads to a information disclosure...
Auteur: VulDB

imcat 4.4 binfo.php information disclosure

A vulnerability, which was classified as problematic, was found in imcat 4.4. Affected is a function of the file root/tools/adbug/binfo.php?phpinfo1. The manipulation with an unknown input leads to a information disclosure vulnerability...
Auteur: VulDB

imcat 4.4 binfo.php information disclosure

A vulnerability, which was classified as problematic, has been found in imcat 4.4. This issue affects some functionality of the file root/tools/adbug/binfo.php. The manipulation with an unknown input leads to a information disclosure...
Auteur: VulDB

imcat 4.4 dev.php information disclosure

A vulnerability classified as problematic was found in imcat 4.4. This vulnerability affects the functionality of the file dev.php?tools-ipaddr&api=Pcoln&uip. The manipulation with an unknown input leads to a information disclosure vulnerability...
Auteur: VulDB

imcat 4.4 root/run/adm.php privilege escalation

A vulnerability classified as critical has been found in imcat 4.4. This affects an unknown function of the file root/run/adm.php. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code Execution). CWE is...
Auteur: VulDB

LFCMS 3.8.6 directory traversal [CVE-2018-20604]

A vulnerability was found in LFCMS 3.8.6. It has been rated as problematic. Affected by this issue is some processing of the file admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html. The manipulation with an unknown input leads to a...
Auteur: VulDB

LFCMS 3.8.6 cross site request forgery [CVE-2018-20603]

A vulnerability was found in LFCMS 3.8.6. It has been declared as problematic. Affected by this vulnerability is a code block of the file admin.php?s=/Member/add.html. The manipulation with an unknown input leads to a cross site request forgery...
Auteur: VulDB

LFCMS 3.8.6 /install.php information disclosure

A vulnerability was found in LFCMS 3.8.6. It has been classified as problematic. Affected is code of the file /install.php?s=/1. The manipulation with an unknown input leads to a information disclosure vulnerability (Path). CWE is classifying...
Auteur: VulDB

UCMS 1.4.7 index.php description cross site scripting

A vulnerability was found in UCMS 1.4.7 and classified as problematic. This issue affects a part of the file index.php. The manipulation of the argument description as part of a Parameter leads to a cross site scripting vulnerability. Using CWE...
Auteur: VulDB

UCMS 1.4.7 sadmin\cedit.php cross site scripting

A vulnerability has been found in UCMS 1.4.7 and classified as problematic. This vulnerability affects a functionality of the file sadmin\cedit.php. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Auteur: VulDB

UCMS 1.4.7 index.php privilege escalation

A vulnerability, which was classified as critical, was found in UCMS 1.4.7. This affects a function of the file index.php. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code Execution). CWE is...
Auteur: VulDB

UCMS 1.4.7 cross site request forgery [CVE-2018-20598]

A vulnerability, which was classified as problematic, has been found in UCMS 1.4.7. Affected by this issue is some functionality. The manipulation with an unknown input leads to a cross site request forgery vulnerability. Using CWE to declare...
Auteur: VulDB

UCMS 1.4.7 index.php dir cross site scripting

A vulnerability classified as problematic was found in UCMS 1.4.7. Affected by this vulnerability is the functionality of the file index.php. The manipulation of the argument dir as part of a Parameter leads to a cross site scripting...
Auteur: VulDB

XCMS 9.0.0 Server-Side Request Forgery [CVE-2018-20596]

A vulnerability classified as critical has been found in XCMS 9.0.0. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (SSRF). CWE is classifying the issue as CWE-918. This is...
Auteur: VulDB

HSWeb 3.0.4 OAuth2ClientController.java state cross site request forgery

A vulnerability was found in HSWeb 3.0.4. It has been rated as problematic. This issue affects some processing of the file web/authorization/oauth2/controller/OAuth2ClientController.java. The manipulation of the argument state as part of a...
Auteur: VulDB

HSWeb 3.0.4 FlowableModelManagerController.java type cross site scripting

A vulnerability was found in HSWeb 3.0.4. It has been declared as problematic. This vulnerability affects a code block of the file FlowableModelManagerController.java. The manipulation of the argument type as part of a Parameter leads to a cross...
Auteur: VulDB

Mini-XML 2.12 mxmldoc.c scan_file memory corruption

A vulnerability was found in Mini-XML 2.12. It has been classified as critical. This affects the function scan_file of the file mxmldoc.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based). CWE is...
Auteur: VulDB

Mini-XML 2.12 mxml-node.c mxmlAdd XML File memory corruption

A vulnerability was found in Mini-XML 2.12 and classified as critical. Affected by this issue is the function mxmlAdd of the file mxml-node.c. The manipulation as part of a XML File leads to a memory corruption vulnerability (Use-After-Free)....
Auteur: VulDB

libming 0.4.8 util/decompile.c decompileJUMP memory corruption

A vulnerability has been found in libming 0.4.8 and classified as critical. Affected by this vulnerability is the function decompileJUMP of the file util/decompile.c. The manipulation with an unknown input leads to a memory corruption...
Auteur: VulDB

Ivan Cordoba Generic Content Management System up to 2018-04-28 Administrator/users.php cross site scripting

A vulnerability, which was classified as problematic, was found in Ivan Cordoba Generic Content Management System up to 2018-04-28. Affected is a function of the file Administrator/users.php. The manipulation with an unknown input leads to a...
Auteur: VulDB

Ivan Cordoba Generic Content Management System up to 2018-04-28 add_pictures.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Ivan Cordoba Generic Content Management System up to 2018-04-28. This issue affects some functionality of the file Administrator/add_pictures.php. The manipulation with an...
Auteur: VulDB

Securing New Devices

Original release date: December 28, 2018 During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level...
Auteur: US Cert

MXQ TV Box 4.4.2 com.android.server.SystemRestoreReceiver denial of service

A vulnerability classified as critical has been found in MXQ TV Box 4.4.2. This affects an unknown function of the component com.android.server.SystemRestoreReceiver. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

MXQ TV Box 4.4.2 com.android.server.MasterClearReceiver Factory Reset denial of service

A vulnerability was found in MXQ TV Box 4.4.2. It has been rated as critical. Affected by this issue is some processing of the component com.android.server.MasterClearReceiver. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

Leagoo Z5C com.android.messaging information disclosure [CVE-2018-14986]

A vulnerability was found in Leagoo Z5C (affected version unknown). It has been declared as problematic. Affected by this vulnerability is a code block of the component com.android.messaging. The manipulation with an unknown input leads to a...
Auteur: VulDB
First1007100810091010101110121013101410151016Last

Événements SSI