Saturday 30 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

UCMS 1.4.7 cross site request forgery [CVE-2018-20598]

A vulnerability, which was classified as problematic, has been found in UCMS 1.4.7. Affected by this issue is some functionality. The manipulation with an unknown input leads to a cross site request forgery vulnerability. Using CWE to declare...
Author: VulDB

UCMS 1.4.7 index.php dir cross site scripting

A vulnerability classified as problematic was found in UCMS 1.4.7. Affected by this vulnerability is the functionality of the file index.php. The manipulation of the argument dir as part of a Parameter leads to a cross site scripting...
Author: VulDB

XCMS 9.0.0 Server-Side Request Forgery [CVE-2018-20596]

A vulnerability classified as critical has been found in XCMS 9.0.0. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (SSRF). CWE is classifying the issue as CWE-918. This is...
Author: VulDB

HSWeb 3.0.4 OAuth2ClientController.java state cross site request forgery

A vulnerability was found in HSWeb 3.0.4. It has been rated as problematic. This issue affects some processing of the file web/authorization/oauth2/controller/OAuth2ClientController.java. The manipulation of the argument state as part of a...
Author: VulDB

HSWeb 3.0.4 FlowableModelManagerController.java type cross site scripting

A vulnerability was found in HSWeb 3.0.4. It has been declared as problematic. This vulnerability affects a code block of the file FlowableModelManagerController.java. The manipulation of the argument type as part of a Parameter leads to a cross...
Author: VulDB

Mini-XML 2.12 mxmldoc.c scan_file memory corruption

A vulnerability was found in Mini-XML 2.12. It has been classified as critical. This affects the function scan_file of the file mxmldoc.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based). CWE is...
Author: VulDB

Mini-XML 2.12 mxml-node.c mxmlAdd XML File memory corruption

A vulnerability was found in Mini-XML 2.12 and classified as critical. Affected by this issue is the function mxmlAdd of the file mxml-node.c. The manipulation as part of a XML File leads to a memory corruption vulnerability (Use-After-Free)....
Author: VulDB

libming 0.4.8 util/decompile.c decompileJUMP memory corruption

A vulnerability has been found in libming 0.4.8 and classified as critical. Affected by this vulnerability is the function decompileJUMP of the file util/decompile.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Ivan Cordoba Generic Content Management System up to 2018-04-28 Administrator/users.php cross site scripting

A vulnerability, which was classified as problematic, was found in Ivan Cordoba Generic Content Management System up to 2018-04-28. Affected is a function of the file Administrator/users.php. The manipulation with an unknown input leads to a...
Author: VulDB

Ivan Cordoba Generic Content Management System up to 2018-04-28 add_pictures.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Ivan Cordoba Generic Content Management System up to 2018-04-28. This issue affects some functionality of the file Administrator/add_pictures.php. The manipulation with an...
Author: VulDB

Securing New Devices

Original release date: December 28, 2018
During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level...
Author: US Cert

MXQ TV Box 4.4.2 com.android.server.SystemRestoreReceiver denial of service

A vulnerability classified as critical has been found in MXQ TV Box 4.4.2. This affects an unknown function of the component com.android.server.SystemRestoreReceiver. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

MXQ TV Box 4.4.2 com.android.server.MasterClearReceiver Factory Reset denial of service

A vulnerability was found in MXQ TV Box 4.4.2. It has been rated as critical. Affected by this issue is some processing of the component com.android.server.MasterClearReceiver. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Leagoo Z5C com.android.messaging information disclosure [CVE-2018-14986]

A vulnerability was found in Leagoo Z5C (affected version unknown). It has been declared as problematic. Affected by this vulnerability is a code block of the component com.android.messaging. The manipulation with an unknown input leads to a...
Author: VulDB

Leagoo Z5C com.android.settings Factory Reset denial of service

A vulnerability was found in Leagoo Z5C (version unknown). It has been classified as critical. Affected is code of the component com.android.settings. The manipulation with an unknown input leads to a denial of service vulnerability (Factory...
Author: VulDB

Leagoo Z5C com.android.messaging privilege escalation [CVE-2018-14984]

A vulnerability was found in Leagoo Z5C (unknown version) and classified as critical. This issue affects a part of the component com.android.messaging. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Author: VulDB

Asus ZenFone 3 Max com.asus.loguploader information disclosure

A vulnerability has been found in Asus ZenFone 3 Max (the affected version is unknown) and classified as problematic. This vulnerability affects a functionality of the component com.asus.loguploader. The manipulation with an unknown input leads...
Author: VulDB

FrontAccounting 2.4.5 /attachments.php filterType sql injection

A vulnerability, which was classified as critical, was found in FrontAccounting 2.4.5. This affects a function of the file /attachments.php. The manipulation of the argument filterType with an unknown input leads to a sql injection vulnerability...
Author: VulDB

Logisim Evolution up to 2.14.3 XML Data XmlReader.java loadXmlFrom XML External Entity

A vulnerability, which was classified as critical, has been found in Logisim Evolution up to 2.14.3. Affected by this issue is the function loadXmlFrom of the file src/com/cburch/logisim/file/XmlReader.java of the component XML Data Handler. The...
Author: VulDB

PEAR Archive_Tar up to 1.4.3 $v_header[filename] Unserialize privilege escalation

A vulnerability classified as critical was found in PEAR Archive_Tar up to 1.4.3. Affected by this vulnerability is the functionality. The manipulation of the argument $v_header[filename] as part of a Parameter leads to a privilege escalation...
Author: VulDB

Battelle V2I Hub 2.5.1 Default Admin Password weak authentication

A vulnerability, which was classified as critical, has been found in Battelle V2I Hub 2.5.1. This issue affects some functionality. The manipulation with an unknown input leads to a weak authentication vulnerability (Default Admin Password)....
Author: VulDB

Peel SHOPPING 9.1.0 Site Name EN cross site scripting

A vulnerability classified as problematic has been found in Peel SHOPPING 9.1.0. Affected is an unknown function. The manipulation of the argument Site Name EN as part of a Parameter leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

Battelle V2I Hub 3.0 Back-End Database PluginStatus.cpp TmxControl::user_info() sql injection

A vulnerability was found in Battelle V2I Hub 3.0. It has been rated as critical. This issue affects the function TmxControl::user_info() in the library tmx/TmxCtl/src/lib/PluginStatus.cpp of the component Back-End Database. The manipulation ...
Author: VulDB

Battelle V2I Hub 2.5.1 Back-End Database PluginStatusActions.php jtSorting/id sql injection

A vulnerability was found in Battelle V2I Hub 2.5.1. It has been declared as critical. This vulnerability affects a code block of the file /api/PluginStatusActions.php of the component Back-End Database. The manipulation of the argument...
Author: VulDB

Battelle V2I Hub 2.5.1 SystemConfigActions.php parameterName/_login_username cross site scripting

A vulnerability was found in Battelle V2I Hub 2.5.1. It has been classified as problematic. This affects code of the file api/SystemConfigActions.php?action=add. The manipulation of the argument parameterName/_login_username with an unknown...
Author: VulDB