Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GNU libiberty cplus-dem.c denial of service

A vulnerability was found in GNU libiberty (the affected version is unknown). It has been rated as problematic. This issue affects an unknown function of the file cplus-dem.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Virtualenv 16.0.0 Sandbox privilege escalation

A vulnerability was found in Virtualenv 16.0.0. It has been declared as critical. This vulnerability affects an unknown function of the component Sandbox. The manipulation with an unknown input leads to a privilege escalation vulnerability. The...
Author: VulDB

Blynk up to 0.39.6 blynk-server directory traversal

A vulnerability was found in Blynk up to 0.39.6. It has been classified as critical. This affects an unknown function of the component blynk-server. The manipulation with the input value ../ leads to a directory traversal vulnerability. CWE is...
Author: VulDB

zzcms 8.3 user/ztconfig.php oldimg directory traversal

A vulnerability, which was classified as critical, was found in zzcms 8.3. This affects an unknown function of the file user/ztconfig.php. The manipulation of the argument oldimg as part of a Modify Request leads to a directory traversal...
Author: VulDB

zzcms 8.3 user/zssave.php oldimg directory traversal

A vulnerability, which was classified as critical, has been found in zzcms 8.3. Affected by this issue is an unknown function of the file user/zssave.php. The manipulation of the argument oldimg as part of a Modify Request leads to a directory...
Author: VulDB

LibTIFF 4.0.9 tiff2pdf.c t2p_write_pdf memory corruption

A vulnerability classified as critical has been found in LibTIFF 4.0.9. Affected is the function t2p_write_pdf of the file tiff2pdf.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). CWE is...
Author: VulDB

Telegram Desktop/App P2P Connection IP Address information disclosure

A vulnerability classified as problematic was found in Telegram Desktop and App (the affected version is unknown). This vulnerability affects an unknown function of the component P2P Connection Handler. The manipulation with an unknown input...
Author: VulDB

Foxit PhantomPDF/Reader up to 9.2 information disclosure [CVE-2018-17781]

A vulnerability, which was classified as problematic, has been found in Foxit PhantomPDF and Reader up to 9.2. This issue affects an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability. Using...
Author: VulDB

IC3 Issues Alert on RDP Exploitation

Original release date: September 28, 2018. The Internet Crime Complaint Center (IC3), in collaboration with DHS and the Federal Bureau of Investigation, has released an alert on cyber threat actors maliciously using legitimate remote...
Author: US Cert

CERTFR-2018-AVI-460: Multiple vulnerabilities in the SUSE Linux kernel (28 September 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a bypass of the policy...
Author: Cert FR

DNSSEC Key Signing Key Rollover

Original release date: September 27, 2018. On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions...
Author: US Cert

Jekyll up to 3.6.2/3.7.3/3.8.3 _config.yml include privilege escalation

A vulnerability was found in Jekyll up to 3.6.2/3.7.3/3.8.3 and classified as critical. Affected by this issue is an unknown function of the file _config.yml. The manipulation of the argument include with an unknown input leads to a privilege...
Author: VulDB

AlphaIndex Dictionaries 1.0 on Joomla! letter sql injection

A vulnerability has been found in AlphaIndex Dictionaries 1.0 on Joomla! and classified as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument letter as part of a Parameter leads to a sql injection...
Author: VulDB

Timetable Schedule 3.6.8 on Joomla! eid sql injection

A vulnerability, which was classified as critical, was found in Timetable Schedule 3.6.8 on Joomla!. Affected is an unknown function. The manipulation of the argument eid as part of a Parameter leads to a sql injection vulnerability. CWE is...
Author: VulDB

Super CMS Blog Pro 1.0 authors_post.php author sql injection

A vulnerability, which was classified as critical, has been found in Super CMS Blog Pro 1.0. This issue affects an unknown function of the file authors_post.php. The manipulation of the argument author as part of a Parameter leads to a sql...
Author: VulDB

Social Factory 3.8.3 on Joomla! radius[lat]/radius[lng]/radius[radius] sql injection

A vulnerability classified as critical was found in Social Factory 3.8.3 on Joomla!. This vulnerability affects an unknown function. The manipulation of the argument radius[lat]/radius[lng]/radius[radius] as part of a Parameter leads to a sql...
Author: VulDB

Swap Factory 2.2.1 on Joomla! filter_order_Dir/filter_order sql injection

A vulnerability classified as critical has been found in Swap Factory 2.2.1 on Joomla!. This affects an unknown function. The manipulation of the argument filter_order_Dir/filter_order as part of a Parameter leads to a sql injection...
Author: VulDB

Jobs Factory 2.0.4 on Joomla! filter_letter sql injection

A vulnerability was found in Jobs Factory 2.0.4 on Joomla!. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument filter_letter as part of a Parameter leads to a sql injection...
Author: VulDB

Article Factory Manager 4.3.9 on Joomla! start_date/m_start_date/m_end_date sql injection

A vulnerability was found in Article Factory Manager 4.3.9 on Joomla!. It has been classified as critical. Affected is an unknown function. The manipulation of the argument start_date/m_start_date/m_end_date as part of a Parameter leads to a sql...
Author: VulDB

Raffle Factory 3.5.2 on Joomla! filter_order_Dir/filter_order sql injection

A vulnerability was found in Raffle Factory 3.5.2 on Joomla! and classified as critical. This issue affects an unknown function. The manipulation of the argument filter_order_Dir/filter_order as part of a Parameter leads to a sql injection...
Author: VulDB

Penny Auction Factory 2.0.4 on Joomla! filter_order_Dir/filter_order sql injection

A vulnerability has been found in Penny Auction Factory 2.0.4 on Joomla! and classified as critical. This vulnerability affects an unknown function. The manipulation of the argument filter_order_Dir/filter_order as part of a Parameter leads to a...
Author: VulDB

Questions 1.4.3 on Joomla! term/userid/users/groups sql injection

A vulnerability, which was classified as critical, was found in Questions 1.4.3 on Joomla!. This affects an unknown function. The manipulation of the argument term/userid/users/groups as part of a Parameter leads to a sql injection...
Author: VulDB

Reverse Auction Factory 4.3.8 on Joomla! filter_order_Dir/cat/filter_letter sql injection

A vulnerability, which was classified as critical, has been found in Reverse Auction Factory 4.3.8 on Joomla!. Affected by this issue is an unknown function. The manipulation of the argument filter_order_Dir/cat/filter_letter as part of a...
Author: VulDB

Music Collection 3.0.3 on Joomla! id sql injection

A vulnerability classified as critical was found in Music Collection 3.0.3 on Joomla!. Affected by this vulnerability is an unknown function. The manipulation of the argument id as part of a Parameter leads to a sql injection vulnerability. The...
Author: VulDB

Progress Sitefinity CMS up to 11.0 Image Upload privilege escalation

A vulnerability was found in Progress Sitefinity CMS up to 11.0. It has been classified as critical. This affects an unknown function of the component Image Upload. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB