Saturday 30 May 2020

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

webERP 4.15 Access Control Z_CreateCompanyTemplateFile.php TemplateName directory traversal

A vulnerability was found in webERP 4.15. It has been declared as critical. This vulnerability affects a code block of the file Z_CreateCompanyTemplateFile.php of the component Access Control. The manipulation of the argument TemplateName with...
Author: VulDB

DouCo DouPHP 1.5 manager.php cross site request forgery

A vulnerability was found in DouCo DouPHP 1.5. It has been classified as problematic. This affects code of the file upload/admin/manager.php?rec=insert. The manipulation with an unknown input leads to a cross site request forgery vulnerability....
Author: VulDB

Craft CMS 3.0.25 cross site scripting [CVE-2018-20418]

A vulnerability was found in Craft CMS 3.0.25 and classified as problematic. Affected by this issue is a part of the file index.php?p=admin/actions/entries/save-entry. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

WellinTech KingSCADA up to 3.7.0.0.0 AlarmServer AEserver.exe Crafted Packet memory corruption

A vulnerability has been found in WellinTech KingSCADA up to 3.7.0.0.0 and classified as critical. Affected by this vulnerability is a functionality of the file AEserver.exe of the component AlarmServer. The manipulation as part of a Crafted...
Author: VulDB

Discuz! DiscuzX 3.4 WeChat Login plugin.php Request denial of service

A vulnerability, which was classified as problematic, has been found in Discuz! DiscuzX 3.4. Affected by this issue is some functionality of the file plugin.php of the component WeChat Login. The manipulation as part of a Request leads to a...
Author: VulDB

Discuz! DiscuzX 3.4 WeChat Login plugin.php wxopenid privilege escalation

A vulnerability classified as critical was found in Discuz! DiscuzX 3.4. Affected by this vulnerability is the functionality of the file plugin.php of the component WeChat Login. The manipulation of the argument wxopenid as part of a Query...
Author: VulDB

Discuz! DiscuzX 3.4 WeChat Login plugin.php Request weak authentication

A vulnerability classified as critical has been found in Discuz! DiscuzX 3.4. Affected is an unknown function of the file plugin.php of the component WeChat Login. The manipulation as part of a Request leads to a weak authentication...
Author: VulDB

IIoT Monitor 3.1.38 XML Data XML External Entity

A vulnerability has been found in IIoT Monitor 3.1.38 and classified as critical. Affected by this vulnerability is a functionality of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IIoT Monitor 3.1.38 File Upload privilege escalation

A vulnerability, which was classified as critical, was found in IIoT Monitor 3.1.38. Affected is a function of the component File Upload. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying...
Author: VulDB

IIoT Monitor 3.1.38 directory traversal [CVE-2018-7835]

A vulnerability, which was classified as critical, has been found in IIoT Monitor 3.1.38. This issue affects some functionality. The manipulation with an unknown input leads to a directory traversal vulnerability. Using CWE to declare the...
Author: VulDB

Pro-face GP-Pro EX up to 4.08 privilege escalation [CVE-2018-7832]

A vulnerability classified as critical was found in Pro-face GP-Pro EX up to 4.08. This vulnerability affects the functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the...
Author: VulDB

EVLink Parking up to v3.2.0-12_v1 Web Interface sql injection

A vulnerability classified as critical has been found in EVLink Parking up to v3.2.0-12_v1. This affects an unknown function of the component Web Interface. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is...
Author: VulDB

EVLink Parking up to v3.2.0-12_v1 Default Credentials weak authentication

A vulnerability was found in EVLink Parking up to v3.2.0-12_v1. It has been declared as critical. Affected by this vulnerability is a code block. The manipulation with an unknown input leads to a weak authentication vulnerability (Default...
Author: VulDB

PowerSuite 2 VW3A8104 memcpy memory corruption

A vulnerability was found in PowerSuite 2 VW3A8104. It has been classified as critical. Affected is the function memcpy. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119....
Author: VulDB

FoxView HMI SCADA up to 9.3/10.4 Credential Management privilege escalation

A vulnerability was found in FoxView HMI SCADA up to 9.3/10.4 and classified as critical. This issue affects a part of the component Credential Management. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Telegram 4.9.1 on Android Secret Chat privilege escalation

A vulnerability has been found in Telegram 4.9.1 on Android and classified as critical. This vulnerability affects a functionality of the component Secret Chat. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

c2p0 0.9.5.2 C3P0ConfigXmlUtils.java extractXmlConfigFromInputStream XML External Entity

A vulnerability, which was classified as critical, was found in c2p0 0.9.5.2. This affects the function extractXmlConfigFromInputStream of the file com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java. The manipulation with an unknown input leads to...
Author: VulDB

Foxit Quick PDF Library up to 16.11 xref Entry DAOpenFile/DAOpenFileReadOnly memory corruption

A vulnerability, which was classified as critical, has been found in Foxit Quick PDF Library up to 16.11. Affected by this issue is the function DAOpenFile/DAOpenFileReadOnly of the component xref Entry Handler. The manipulation with an unknown...
Author: VulDB

Foxit Quick PDF Library up to 16.11 xref Table memory corruption

A vulnerability classified as critical was found in Foxit Quick PDF Library up to 16.11. Affected by this vulnerability is the function LoadFromFile/LoadFromString/LoadFromStream/DAOpenFile/DAOpenFileReadOnly of the component xref Table Handler....
Author: VulDB

Foxit Quick PDF Library up to 16.11 Tree Structure LoadFromFile/LoadFromString/LoadFromStream memory corruption

A vulnerability classified as critical has been found in Foxit Quick PDF Library up to 16.11. Affected is the function LoadFromFile/LoadFromString/LoadFromStream of the component Tree Structure Handler. The manipulation with an unknown input...
Author: VulDB

Epson WorkForce WF-2861 10.48 LQ22I3/10.51.LQ20I6/10.52.LQ17IA SNMP Service Amplification denial of service

A vulnerability was found in Epson WorkForce WF-2861 10.48 LQ22I3/10.51.LQ20I6/10.52.LQ17IA and classified as problematic. Affected by this issue is a part of the component SNMP Service. The manipulation with an unknown input leads to a denial...
Author: VulDB

Epson WorkForce WF-2861 10.48 LQ22I3/10.51.LQ20I6/10.52.LQ17IA Web Page /PRESENTATION/BONJOUR denial of service

A vulnerability has been found in Epson WorkForce WF-2861 10.48 LQ22I3/10.51.LQ20I6/10.52.LQ17IA and classified as problematic. Affected by this vulnerability is a functionality of the file /PRESENTATION/BONJOUR of the component Web Page. The...
Author: VulDB

Xiaomi Mi A1 Logcat Cleartext information disclosure

A vulnerability, which was classified as problematic, was found in Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE. Affected is a function of the component Logcat. The manipulation with an unknown input leads to an information...
Author: VulDB

Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection

A vulnerability, which was classified as critical, has been found in Apache Tika 1.8-1.19.1. This issue affects some functionality of the component SQLite3Parser. The manipulation with an unknown input leads to a sql injection vulnerability...
Author: VulDB

Synology DiskStation Manager up to 6.1.6 Log Exporter CSV command injection

A vulnerability was found in Synology DiskStation Manager up to 6.1.6. It has been rated as critical. This issue affects some processing of the component Log Exporter. The manipulation as part of a CSV leads to a privilege escalation...
Author: VulDB