Wednesday 16 October 2019

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Shack Forms Pro Extension up to 4.0.31 on Joomla File Attachment directory traversal

A vulnerability classified as critical has been found in Shack Forms Pro Extension up to 4.0.31 on Joomla. This affects some unknown functionality of the component File Attachment Handler. Upgrading to version 4.0.32 eliminates this vulnerability.
Author: VulDB

RIOT 2019.07 MQTT-SN Large Packet Loop denial of service

A vulnerability was found in RIOT 2019.07. It has been rated as problematic. Affected by this issue is an unknown functionality of the component MQTT-SN Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

animate-it Plugin up to 2.3.4 on WordPress cross site scripting

A vulnerability was found in animate-it Plugin up to 2.3.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 2.3.5 eliminates this vulnerability.
Author: VulDB

animate-it Plugin up to 2.3.3 on WordPress cross site scripting

A vulnerability was found in animate-it Plugin up to 2.3.3 on WordPress. It has been classified as problematic. Affected is some unknown processing. Upgrading to version 2.3.4 eliminates this vulnerability.
Author: VulDB

netaddr Gem up to 2.0.3 on Ruby File Permission privilege escalation

A vulnerability was found in netaddr Gem up to 2.0.3 on Ruby and classified as critical. This issue affects an unknown code block of the component File Permission. Upgrading to version 2.0.4 eliminates this vulnerability.
Author: VulDB

Zabbix up to 4.4 Dashboard Page zabbix.php privilege escalation

A vulnerability has been found in Zabbix up to 4.4 and classified as critical. This vulnerability affects an unknown code of the file zabbix.php?action=dashboard.view&dashboardid=1 of the component Dashboard Page. There is no information about...
Author: VulDB

cPanel up to 82.0.14 WHM Update Preferences Interface cross site scripting

A vulnerability, which was classified as problematic, was found in cPanel up to 82.0.14. This affects an unknown part of the component WHM Update Preferences Interface. Upgrading to version 82.0.15 eliminates this vulnerability.
Author: VulDB

cPanel up to 82.0.14 WHM SSL Storage Manager Interface Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in cPanel up to 82.0.14. Affected by this issue is some unknown functionality of the component WHM SSL Storage Manager Interface. Upgrading to version 82.0.15 eliminates this...
Author: VulDB

cPanel up to 82.0.14 SSL Key Delete Interface cross site scripting

A vulnerability classified as problematic was found in cPanel up to 82.0.14 (Hosting Control Software). Affected by this vulnerability is an unknown functionality of the component SSL Key Delete Interface. Upgrading to version 82.0.15 eliminates...
Author: VulDB

cPanel up to 82.0.14 LiveAPI Example Scripts cross site scripting

A vulnerability classified as problematic has been found in cPanel up to 82.0.14 (Hosting Control Software). Affected is an unknown function of the component LiveAPI Example Scripts. Upgrading to version 82.0.15 eliminates this vulnerability.
Author: VulDB

cPanel up to 82.0.14 SSL Certificate Upload cross site scripting

A vulnerability was found in cPanel up to 82.0.14 (Hosting Control Software). It has been rated as problematic. This issue affects some unknown processing of the component SSL Certificate Upload. Upgrading to version 82.0.15 eliminates this...
Author: VulDB

cPanel up to 82.0.14 API Token unknown vulnerability [CVE-2019-17375]

A vulnerability was found in cPanel up to 82.0.14 (Hosting Control Software). It has been declared as problematic. This vulnerability affects an unknown code block of the component API Token Handler. Upgrading to version 82.0.15 eliminates this...
Author: VulDB

Netgear WNR834Bv2 privilege escalation [CVE-2019-17373]

A vulnerability was found in Netgear MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500 and WNR834Bv2. It has been classified as critical. This affects an unknown code. It is possible to mitigate the weakness by...
Author: VulDB

Netgear DC112A genieDisableLanChanged.cgi weak authentication

A vulnerability was found in Netgear DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3,...
Author: VulDB

libpng 1.6.37 png_malloc_warn/png_create_info_struct denial of service

A vulnerability has been found in libpng 1.6.37 (Image Processing Software) and classified as problematic. Affected by this vulnerability is the function png_malloc_warn/png_create_info_struct. There is no information about possible...
Author: VulDB

OTCMS 3.85 sysCheckFile_deal.php SELECT Statement Code Execution

A vulnerability, which was classified as critical, was found in OTCMS 3.85. Affected is an unknown functionality of the file admin/sysCheckFile_deal.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Citrix Application Delivery Management up to 12.0 Access Control privilege escalation

A vulnerability, which was classified as critical, has been found in Citrix Application Delivery Management up to 12.0. This issue affects an unknown function of the component Access Control. Applying the patch 12.1 Build 54.13 is able to...
Author: VulDB

Nix up to 2.3 privilege escalation [CVE-2019-17365]

A vulnerability classified as critical was found in Nix up to 2.3. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

D-Link DIR-615 20.05/20.07 wan.htm information disclosure

A vulnerability was found in D-Link DIR-615 20.05/20.07. It has been rated as problematic. Affected by this issue is an unknown code of the file wan.htm. Addressing this vulnerability is possible by firewalling .
Author: VulDB

Netreo OmniCenter up to 12.1.1 redirect Blind sql injection

A vulnerability was found in Netreo OmniCenter up to 12.1.1. It has been declared as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Kramer VIAware 2.5.0719.1034 Access Control privilege escalation

A vulnerability was found in Kramer VIAware 2.5.0719.1034. It has been classified as critical. Affected is some unknown functionality of the component Access Control. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zoho ManageEngine DataSecurity Plus up to 5.0.1 Configuration File privilege escalation

A vulnerability was found in Zoho ManageEngine DataSecurity Plus up to 5.0.1 and classified as critical. This issue affects an unknown functionality of the component Configuration File. Applying the patch 5.0.1 5012 is able to eliminate this...
Author: VulDB

Koji up to 1.18.0 directory traversal [CVE-2019-17109]

A vulnerability has been found in Koji up to 1.18.0 and classified as critical. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

OpenProject up to 9.0.3/10.0.1 Project List sortBy cross site scripting

A vulnerability, which was classified as problematic, was found in OpenProject up to 9.0.3/10.0.1 (Project Management Software). This affects some unknown processing of the component Project List Handler. Upgrading to version 9.0.4 or 10.0.2...
Author: VulDB

OpenSSH 7.7/7.8/7.9/8.0 XMSS Key Integer Overflow memory corruption

A vulnerability, which was classified as critical, has been found in OpenSSH 7.7/7.8/7.9/8.0 (Connectivity Software). Affected by this issue is an unknown code block of the component XMSS Key Handler. Upgrading to version 8.1 eliminates this...
Author: VulDB

Information-security (SSI) events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, in Paris at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Replacer l'humain au coeur de la cybersécurité" ("Putting people back at the heart of cybersecurity"), the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
