jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

GoPro gpmf-parser 1.2.1 GPMF_mp4reader.c OpenMP4Source memory corruption

A vulnerability classified as critical was found in GoPro gpmf-parser 1.2.1. Affected by this vulnerability is the function OpenMP4Source of the file GPMF_mp4reader.c. The manipulation with an unknown input leads to a memory corruption...
Auteur: VulDB

OpenSSL up to 1.1.0i/1.1.1 ECDSA Side-Channel weak encryption

A vulnerability was found in OpenSSL up to 1.1.0i/1.1.1. It has been rated as critical. This issue affects an unknown function of the component ECDSA. The manipulation with an unknown input leads to a weak encryption vulnerability...
Auteur: VulDB

ProjectSend r582 actions.log.export.php privilege escalation

A vulnerability was found in ProjectSend r582. It has been declared as critical. This vulnerability affects an unknown function of the file includes/actions.log.export.php. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

ProjectSend r582 process-zip-download.php file directory traversal

A vulnerability was found in ProjectSend r582. It has been classified as critical. This affects an unknown function of the file process-zip-download.php. The manipulation of the argument file with the input value ../ leads to a directory...
Auteur: VulDB

ProjectSend r582 users.php Parameter weak authentication

A vulnerability was found in ProjectSend r582 and classified as critical. Affected by this issue is an unknown function of the file users.php. The manipulation as part of a Parameter leads to a weak authentication vulnerability. Using CWE to...
Auteur: VulDB

ProjectSend r582 manage-files.php status sql injection

A vulnerability has been found in ProjectSend r582 and classified as critical. Affected by this vulnerability is an unknown function of the file manage-files.php. The manipulation of the argument status as part of a Parameter leads to a sql...
Auteur: VulDB

Tenda AC7/AC10/AC15 Web Server deviceList Stack-based memory corruption

A vulnerability was found in Tenda AC7, AC10 and AC15 (the affected version is unknown). It has been declared as critical. Affected by this vulnerability is an unknown function of the component Web Server. The manipulation of the argument...
Auteur: VulDB

PHPYun 4.6 database.class.php down_sql_action() directory traversal

A vulnerability was found in PHPYun 4.6. It has been classified as critical. This affects the function down_sql_action() of the file /admin/model/database.class.php. The manipulation with an unknown input leads to a directory traversal...
Auteur: VulDB

Linux Kernel up to 4.19 drivers/cdrom/cdrom.c cdrom_ioctl_select_disc memory corruption

A vulnerability, which was classified as critical, was found in Linux Kernel up to 4.19. Affected is the function cdrom_ioctl_select_disc of the file drivers/cdrom/cdrom.c. The manipulation with an unknown input leads to a memory corruption...
Auteur: VulDB

Tenda AC7/AC10/AC15 Web Server firewallEn Stack-based memory corruption

A vulnerability, which was classified as problematic, has been found in Tenda AC7, AC10 and AC15 (the affected version is unknown). This issue affects an unknown function of the component Web Server. The manipulation of the argument firewallEn...
Auteur: VulDB

Tenda AC7/AC10/AC15 Web Server fromAddressNat page memory corruption

A vulnerability classified as problematic was found in Tenda AC7, AC10 and AC15 (the affected version is unknown). This vulnerability affects the function fromAddressNat of the component Web Server. The manipulation of the argument page as part...
Auteur: VulDB

Tenda AC7/AC10/AC15 Web Server ssid Stack-based memory corruption

A vulnerability classified as problematic has been found in Tenda AC7, AC10 and AC15 (the affected version is unknown). This affects an unknown function of the component Web Server. The manipulation of the argument ssid as part of a POST Request...
Auteur: VulDB

Tenda AC7/AC10/AC15 Web Server fromDhcpListClient page memory corruption

A vulnerability was found in Tenda AC7, AC10 and AC15 (the affected version is unknown). It has been rated as problematic. Affected by this issue is the function fromDhcpListClient of the component Web Server. The manipulation of the argument...
Auteur: VulDB

Monstra CMS 3.0.4 index.php cross site scripting

A vulnerability classified as problematic has been found in Monstra CMS 3.0.4. Affected is an unknown function of the file admin/index.php?id=filesmanager. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Auteur: VulDB

zzcms 8.3 Cookie zs/zs_list.php sql injection

A vulnerability, which was classified as critical, has been found in zzcms 8.3. This issue affects an unknown function of the file zs/zs_list.php of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

zzcms 8.3 Cookie zs/search.php sql injection

A vulnerability classified as critical was found in zzcms 8.3. This vulnerability affects an unknown function of the file zs/search.php of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

zzcms 8.3 Cookie admin/special_add.php sql injection

A vulnerability classified as critical has been found in zzcms 8.3. This affects an unknown function of the file admin/special_add.php of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

zzcms 8.3 zt/top.php HTTP Header sql injection

A vulnerability was found in zzcms 8.3. It has been rated as critical. Affected by this issue is an unknown function of the file zt/top.php. The manipulation as part of a HTTP Header leads to a sql injection vulnerability. Using CWE to declare...
Auteur: VulDB

zzcms 8.3 admin/classmanage.php tablename sql injection

A vulnerability was found in zzcms 8.3. It has been declared as critical. Affected by this vulnerability is an unknown function of the file admin/classmanage.php. The manipulation of the argument tablename as part of a Parameter leads to a sql...
Auteur: VulDB

zzcms 8.3 Cookie zs/zs.php sql injection

A vulnerability was found in zzcms 8.3. It has been classified as critical. Affected is an unknown function of the file zs/zs.php of the component Cookie Handler. The manipulation as part of a Cookie leads to a sql injection vulnerability. CWE...
Auteur: VulDB

zzcms 8.3 Cookie ajax/zs.php sql injection

A vulnerability was found in zzcms 8.3 and classified as critical. This issue affects an unknown function of the file ajax/zs.php of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection vulnerability....
Auteur: VulDB

zzcms 8.3 Cookie zs/subzs.php sql injection

A vulnerability has been found in zzcms 8.3 and classified as critical. This vulnerability affects an unknown function of the file zs/subzs.php of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

zzcms 8.3 admin/tagmanage.php tabletag sql injection

A vulnerability, which was classified as critical, was found in zzcms 8.3. This affects an unknown function of the file admin/tagmanage.php. The manipulation of the argument tabletag as part of a Parameter leads to a sql injection vulnerability....
Auteur: VulDB

SEMCMS 3.4 semcms_remail.php umail cross site scripting

A vulnerability, which was classified as problematic, has been found in SEMCMS 3.4. Affected by this issue is an unknown function of the file semcms_remail.php?type=ok. The manipulation of the argument umail as part of a Parameter leads to a...
Auteur: VulDB

DeDeCMS 5.7 SP2 /member/myfriend.php ftype cross site scripting

A vulnerability classified as problematic was found in DeDeCMS 5.7 SP2. Affected by this vulnerability is an unknown function of the file /member/myfriend.php. The manipulation of the argument ftype as part of a Parameter leads to a cross site...
Auteur: VulDB
First1115111611171118111911201121112211231124Last

Événements SSI