Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Jobs Factory 2.0.4 on Joomla! filter_letter sql injection

A vulnerability was found in Jobs Factory 2.0.4 on Joomla!. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument filter_letter as part of a Parameter leads to a sql injection...
Author: VulDB

Article Factory Manager 4.3.9 on Joomla! start_date/m_start_date/m_end_date sql injection

A vulnerability was found in Article Factory Manager 4.3.9 on Joomla!. It has been classified as critical. Affected is an unknown function. The manipulation of the argument start_date/m_start_date/m_end_date as part of a Parameter leads to a sql...
Author: VulDB

Raffle Factory 3.5.2 on Joomla! filter_order_Dir/filter_order sql injection

A vulnerability was found in Raffle Factory 3.5.2 on Joomla! and classified as critical. This issue affects an unknown function. The manipulation of the argument filter_order_Dir/filter_order as part of a Parameter leads to a sql injection...
Author: VulDB

Penny Auction Factory 2.0.4 on Joomla! filter_order_Dir/filter_order sql injection

A vulnerability has been found in Penny Auction Factory 2.0.4 on Joomla! and classified as critical. This vulnerability affects an unknown function. The manipulation of the argument filter_order_Dir/filter_order as part of a Parameter leads to a...
Author: VulDB

Questions 1.4.3 on Joomla! term/userid/users/groups sql injection

A vulnerability, which was classified as critical, was found in Questions 1.4.3 on Joomla!. This affects an unknown function. The manipulation of the argument term/userid/users/groups as part of a Parameter leads to a sql injection...
Author: VulDB

Reverse Auction Factory 4.3.8 on Joomla! filter_order_Dir/cat/filter_letter sql injection

A vulnerability, which was classified as critical, has been found in Reverse Auction Factory 4.3.8 on Joomla!. Affected by this issue is an unknown function. The manipulation of the argument filter_order_Dir/cat/filter_letter as part of a...
Author: VulDB

Music Collection 3.0.3 on Joomla! id sql injection

A vulnerability classified as critical was found in Music Collection 3.0.3 on Joomla!. Affected by this vulnerability is an unknown function. The manipulation of the argument id as part of a Parameter leads to a sql injection vulnerability. The...
Author: VulDB

Progress Sitefinity CMS up to 11.0 Image Upload privilege escalation

A vulnerability was found in Progress Sitefinity CMS up to 11.0. It has been classified as critical. This affects an unknown function of the component Image Upload. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Rausoft ID.prove 2.95 Login Page POST Parameter sql injection

A vulnerability was found in Rausoft ID.prove 2.95 and classified as critical. Affected by this issue is an unknown function of the component Login Page. The manipulation as part of a POST Parameter leads to a sql injection vulnerability. Using...
Author: VulDB

Open Ticket Request System up to 4.0.31/5.0.29/6.0.10 Email denial of service

A vulnerability, which was classified as problematic, was found in Open Ticket Request System up to 4.0.31/5.0.29/6.0.10. Affected is an unknown function of the component Email Handler. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Open Ticket Request System up to 4.0.31/5.0.29/6.0.10 Email External privilege escalation

A vulnerability, which was classified as problematic, has been found in Open Ticket Request System up to 4.0.31/5.0.29/6.0.10. This issue affects an unknown function of the component Email Handler. The manipulation with an unknown input leads to...
Author: VulDB

XWiki up to 10.7 Image Import cross site scripting

A vulnerability classified as problematic was found in XWiki up to 10.7. This vulnerability affects an unknown function of the component Image Import. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Author: VulDB

CMS ISWEB 3.5.3 moduli/downloadFile.php file directory traversal

A vulnerability was found in CMS ISWEB 3.5.3. It has been rated as problematic. Affected by this issue is an unknown function of the file moduli/downloadFile.php. The manipulation of the argument file with the input value...
Author: VulDB

CMS ISWEB 3.5.3 sql injection [CVE-2018-14956]

A vulnerability was found in CMS ISWEB 3.5.3. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE definition for the...
Author: VulDB

Progress Sitefinity CMS up to 11.0 ServiceStack cross site scripting

A vulnerability was found in Progress Sitefinity CMS up to 11.0. It has been declared as problematic. This vulnerability affects an unknown function of the component ServiceStack. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Progress Kendo UI Editor 2018.1.221 WYSIWYG Editor kendo.all.min.js toEditableHtml cross site scripting

A vulnerability has been found in Progress Kendo UI Editor 2018.1.221 and classified as problematic. This vulnerability affects the function toEditableHtml of the file kendo.all.min.js of the component WYSIWYG Editor. The manipulation with an...
Author: VulDB

Telegram Desktop 1.3.16 Alpha Proxy Cleartext weak encryption

A vulnerability, which was classified as critical, has been found in Telegram Desktop 1.3.16 Alpha. Affected by this issue is an unknown function of the component Proxy Handler. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

Asset Pipeline Plugin up to 3.0.3 on Grails directory traversal

A vulnerability was found in Asset Pipeline Plugin up to 3.0.3 on Grails and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a directory traversal vulnerability. Using CWE to...
Author: VulDB

tcpreplay 4.3.0 send_packets.c get_next_packet() memory corruption

A vulnerability has been found in tcpreplay 4.3.0 and classified as critical. Affected by this vulnerability is the function get_next_packet() of the file send_packets.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Exiv2 0.26 crwimage_int.cpp readDirectory() denial of service

A vulnerability, which was classified as problematic, was found in Exiv2 0.26. Affected is the function CiffDirectory::readDirectory() of the file crwimage_int.cpp. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

tcpreplay 4.3 send_packets.c fast_edit_packet() memory corruption

A vulnerability, which was classified as critical, has been found in tcpreplay 4.3. This issue affects the function fast_edit_packet() of the file send_packets.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

SWA SWA.JACAD 3.1.37 Build 024 studentId sql injection

A vulnerability classified as critical was found in SWA SWA.JACAD 3.1.37 Build 024. This vulnerability affects an unknown function of the file /academico/aluno/esqueci-minha-senha/. The manipulation of the argument studentId as part of a...
Author: VulDB

YMFE YApi 1.3.23 Project name Stored cross site scripting

A vulnerability classified as problematic has been found in YMFE YApi 1.3.23. This affects an unknown function of the component Project Handler. The manipulation of the argument name with an unknown input leads to a cross site scripting...
Author: VulDB

Wp-Insert Plugin up to 2.4.2 on WordPress browser.html privilege escalation

A vulnerability was found in Wp-Insert Plugin up to 2.4.2 on WordPress. It has been rated as critical. Affected by this issue is an unknown function of the file fckeditor/editor/filemanager/browser/default/browser.html. The manipulation with an...
Author: VulDB

Vanilla up to 2.6.0 Profile email cross site scripting

A vulnerability was found in Vanilla up to 2.6.0. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Profile. The manipulation of the argument email with an unknown input leads to a cross...
Author: VulDB

Information systems security events