Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

phpMyFAQ up to 2.9.10 cross site request forgery [CVE-2018-16650]

A vulnerability was found in phpMyFAQ up to 2.9.10. It has been declared as problematic. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a cross site request forgery vulnerability. The CWE...
Auteur: VulDB

ps Package prior 1.0.0 on Node.js command injection [CVE-2018-16460]

A vulnerability was found in ps Package on Node.js. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command Injection). CWE is classifying...
Auteur: VulDB

PHP Scripts Mall Olx Clone 3.4.2 cross site scripting [CVE-2018-16454]

A vulnerability was found in PHP Scripts Mall Olx Clone 3.4.2 and classified as problematic. This issue affects an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the...
Auteur: VulDB

mndpsingh287 File Manager Plugin 2.9 on WordPress admin.php lang cross site scripting

A vulnerability has been found in mndpsingh287 File Manager Plugin 2.9 on WordPress and classified as problematic. This vulnerability affects an unknown function of the file wp-admin/admin.php?page=wp_file_manager. The manipulation of the...
Auteur: VulDB

Endress+Hauser WirelessHART Fieldgate SWG70 3.x fcgi-bin/wgsetcgi filename directory traversal

A vulnerability, which was classified as critical, was found in Endress+Hauser WirelessHART Fieldgate SWG70 3.x. This affects an unknown function of the file fcgi-bin/wgsetcgi. The manipulation of the argument filename with an unknown input...
Auteur: VulDB

simplelottery PayWinner maxTickets privilege escalation

A vulnerability classified as critical was found in simplelottery (the affected version is unknown). Affected by this vulnerability is the function PayWinner. The manipulation of the argument maxTickets as part of a Smart Contract leads to a...
Auteur: VulDB

KONE Group Controller up to 4.6.5 HTTP interfaces name Local File Inclusion privilege escalation

A vulnerability classified as critical has been found in KONE Group Controller up to 4.6.5. Affected is an unknown function of the component HTTP interfaces. The manipulation of the argument name as part of a Parameter leads to a privilege...
Auteur: VulDB

KONE Group Controller up to 4.6.4 ftp weak authentication

A vulnerability was found in KONE Group Controller up to 4.6.4. It has been rated as critical. This issue affects an unknown function of the component ftp. The manipulation with an unknown input leads to a weak authentication vulnerability....
Auteur: VulDB

KONE Group Controller up to 4.6.5 HTTP interfaces Code Execution

A vulnerability was found in KONE Group Controller up to 4.6.5. It has been declared as critical. This vulnerability affects an unknown function of the component HTTP interfaces. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

KONE Group Controller up to 4.6.5 HTTP interfaces denial of service

A vulnerability was found in KONE Group Controller up to 4.6.5. It has been classified as problematic. This affects an unknown function of the component HTTP interfaces. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

Creme CRM 1.6.12 Cancel Button Referer Header spoofing

A vulnerability has been found in Creme CRM 1.6.12 and classified as critical. Affected by this vulnerability is an unknown function of the component Cancel Button. The manipulation as part of a Referer Header leads to a spoofing vulnerability....
Auteur: VulDB

Creme CRM 1.6.12 Organization Creation Page Parameter Stored cross site scripting

A vulnerability, which was classified as problematic, was found in Creme CRM 1.6.12. Affected is an unknown function of the component Organization Creation Page. The manipulation of the argument...
Auteur: VulDB

Creme CRM 1.6.12 Salesman Creation Page Parameter Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Creme CRM 1.6.12. This issue affects an unknown function of the component Salesman Creation Page. The manipulation of the argument...
Auteur: VulDB

Solarwinds DameWare Mini Remote Control up to 12.0 memory corruption

A vulnerability classified as critical was found in Solarwinds DameWare Mini Remote Control up to 12.0. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE...
Auteur: VulDB

I-O DATA TS-WRLP/TS-WRLA up to 1.09.04 privilege escalation [CVE-2018-0662]

A vulnerability was found in I-O DATA TS-WRLP and TS-WRLA up to 1.09.04. It has been rated as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Auteur: VulDB

I-O DATA TS-WRLP/TS-WRLA up to 1.09.04 Access Restriction OS Command Injection privilege escalation

A vulnerability was found in I-O DATA TS-WRLP and TS-WRLA up to 1.09.04. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Access Restriction. The manipulation with an unknown input leads to...
Auteur: VulDB

AttacheCase up to 2.8.4.0/3.3.0.0 ATC File directory traversal

A vulnerability was found in AttacheCase up to 2.8.4.0/3.3.0.0. It has been classified as critical. Affected is an unknown function of the component ATC File Handler. The manipulation with an unknown input leads to a directory traversal...
Auteur: VulDB

AttacheCase up to 2.8.4.0/3.3.0.0 ATC File directory traversal

A vulnerability was found in AttacheCase up to 2.8.4.0/3.3.0.0 and classified as critical. This issue affects an unknown function of the component ATC File Handler. The manipulation with an unknown input leads to a directory traversal...
Auteur: VulDB

EC-CUBE Payment Module/GMO-PG Payment Module PHP Code Execution privilege escalation

A vulnerability has been found in EC-CUBE Payment Module and GMO-PG Payment Module (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a...
Auteur: VulDB

EC-CUBE Payment Module/GMO-PG Payment Module cross site scripting

A vulnerability, which was classified as problematic, was found in EC-CUBE Payment Module and GMO-PG Payment Module (the affected version is unknown). This affects an unknown function. The manipulation with an unknown input leads to a cross site...
Auteur: VulDB

Line Music up to 3.6.4 on Android X.509 Certificate Crafted Certificate Man-in-the-Middle weak encryption

A vulnerability was found in Line Music up to 3.6.4 on Android. It has been declared as critical. This vulnerability affects an unknown function of the component X.509 Certificate. The manipulation as part of a Crafted Certificate leads to a...
Auteur: VulDB

Canon IT Solutions ESET Smart Security Premium DLL Loader Search Path privilege escalation

A vulnerability was found in Canon IT Solutions ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro and CompuSec. It has been classified as problematic. This affects an unknown function of...
Auteur: VulDB

ChatWork Desktop App up to 2.3.0 on Windows DLL Loader Search Path privilege escalation

A vulnerability was found in ChatWork Desktop App up to 2.3.0 on Windows and classified as problematic. Affected by this issue is an unknown function of the component DLL Loader. The manipulation as part of a Search Path leads to a privilege...
Auteur: VulDB

MTAppjQuery up to 1.8.1 PHP Code Execution privilege escalation

A vulnerability, which was classified as critical, was found in MTAppjQuery up to 1.8.1. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code Execution). CWE is...
Auteur: VulDB

Ubuntu Orca memory corruption [CVE-2018-0644]

A vulnerability, which was classified as critical, has been found in Ubuntu Orca (the affected version is unknown). This issue affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. Using...
Auteur: VulDB
First1516151715181519152015211522152315241525Last

Événements SSI