Friday 24 May 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

MODX Revolution up to 2.7.0-pl Document Resource cross site scripting

A vulnerability classified as problematic has been found in MODX Revolution up to 2.7.0-pl (Content Management System). This affects an unknown function of the component Document Resource Handler. The manipulation with an unknown input leads to...
Author: VulDB

MODX Revolution up to 2.7.0-pl User Photo cross site scripting

A vulnerability was found in MODX Revolution up to 2.7.0-pl (Content Management System). It has been rated as problematic. Affected by this issue is some processing of the component User Photo Handler. The manipulation with an unknown input...
Author: VulDB

libcURL up to 7.63.x lib/vauth/ntlm.c ntlm_decode_type2_target memory corruption

A vulnerability was found in libcURL up to 7.63.x (Network Utility Software). It has been declared as critical. Affected by this vulnerability is the function ntlm_decode_type2_target in the library lib/vauth/ntlm.c. The manipulation with an...
Author: VulDB

SQLAlchemy 1.2.17 group_by sql injection

A vulnerability classified as critical was found in SQLAlchemy 1.2.17. Affected by this vulnerability is the functionality. The manipulation of the argument group_by as part of a Parameter leads to a sql injection vulnerability. The CWE...
Author: VulDB

SIDU 6.0 Database Name Stored cross site scripting

A vulnerability classified as problematic has been found in SIDU 6.0. Affected is an unknown function of the component Database Name Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). CWE is...
Author: VulDB

SIDU 6.0 conn.php dbs cross site scripting

A vulnerability was found in SIDU 6.0. It has been rated as problematic. This issue affects some processing of the file conn.php. The manipulation of the argument dbs as part of a Parameter leads to a cross site scripting vulnerability...
Author: VulDB

DbNinja 3.2.7 Manage Hosts Page Stored cross site scripting

A vulnerability was found in DbNinja 3.2.7. It has been declared as problematic. This vulnerability affects a code block of the component Manage Hosts Page. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

MyWebSQL 3.7 User Manager Stored cross site scripting

A vulnerability was found in MyWebSQL 3.7. It has been classified as problematic. This affects code of the component User Manager. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). CWE is classifying...
Author: VulDB

KindEditor 4.1.11 php/demo.php content1 cross site scripting

A vulnerability was found in KindEditor 4.1.11 (Network Encryption Software) and classified as problematic. Affected by this issue is a part of the file php/demo.php. The manipulation of the argument content1 as part of a Parameter leads to a...
Author: VulDB

BD FACSLyric Research Use Only Access Control privilege escalation

A vulnerability has been found in BD FACSLyric Research Use Only and classified as critical. Affected by this vulnerability is a functionality of the component Access Control. The manipulation with an unknown input leads to a privilege...
Author: VulDB

GDM up to 3.31.3 Timed Login weak authentication

A vulnerability, which was classified as critical, was found in GDM up to 3.31.3. Affected is a function of the component Timed Login. The manipulation with an unknown input leads to a weak authentication vulnerability. CWE is classifying the...
Author: VulDB

libcURL up to 7.63.x smtp_endofresp() memory corruption

A vulnerability, which was classified as critical, has been found in libcURL up to 7.63.x (Network Utility Software). This issue affects the function smtp_endofresp(). The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

libcURL up to 7.63.x lib/vauth/ntlm.c Curl_auth_create_ntlm_type3_message HTTP Header memory corruption

A vulnerability classified as critical was found in libcURL up to 7.63.x (Network Utility Software). This vulnerability affects the function Curl_auth_create_ntlm_type3_message in the library lib/vauth/ntlm.c. The manipulation as part of an HTTP...
Author: VulDB

Marvell Avastar Wi-Fi Vulnerability

Original release date: February 05, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to...
Author: US Cert

The new CNIL College has been constituted

The President of the CNIL, Marie-Laure DENIS, and all the members of the College whose terms were expiring have been appointed. The College will meet for the first time at the plenary session of 14 February 2019.
Author: Cnil

VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi...
Author: US Cert

CERTFR-2019-AVI-045: Multiple vulnerabilities in Google Android (5 February 2019)

Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service and a breach of data confidentiality.
Author: Cert FR

CERTFR-2019-AVI-044: Multiple vulnerabilities in the Ubuntu Linux kernel (5 February 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.
Author: Cert FR

42Gears SureMDM prior 2018-11-27 Cross-Origin privilege escalation

A vulnerability, which was classified as critical, has been found in 42Gears SureMDM. Affected by this issue is some functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability (Cross-Origin). Using CWE to...
Author: VulDB

42Gears SureMDM prior 2018-11-27 API Endpoint Master.html privilege escalation

A vulnerability classified as critical was found in 42Gears SureMDM. Affected by this vulnerability is the functionality of the file /console/ConsolePage/Master.html of the component API Endpoint. The manipulation with an unknown input leads to...
Author: VulDB

42Gears SureMDM prior 2018-11-27 DownloadUrlResponse.ashx url Server-Side Request Forgery

A vulnerability classified as critical has been found in 42Gears SureMDM. Affected is an unknown function of the file /api/DownloadUrlResponse.ashx. The manipulation of the argument url as part of a Parameter leads to a privilege escalation...
Author: VulDB

42Gears SureMDM prior 2018-11-27 API Endpoint /api/register/:email GET Request information disclosure

A vulnerability was found in 42Gears SureMDM. It has been rated as problematic. This issue affects some processing of the file /api/register/:email of the component API Endpoint. The manipulation as part of a GET Request leads to an information...
Author: VulDB

42Gears SureMDM prior 2018-11-27 Cross-Origin privilege escalation

A vulnerability was found in 42Gears SureMDM. It has been declared as critical. This vulnerability affects a code block. The manipulation with an unknown input leads to a privilege escalation vulnerability (Cross-Origin). The CWE definition for...
Author: VulDB

ImageMagick up to 7.0.8-24 coders/dib.c WriteDIBImage denial of service

A vulnerability has been found in ImageMagick up to 7.0.8-24 (Image Processing Software) and classified as problematic. This vulnerability affects the function WriteDIBImage of the file coders/dib.c. The manipulation with an unknown input leads...
Author: VulDB

ImageMagick up to 7.0.8-24 coders/pdf.c WritePDFImage denial of service

A vulnerability, which was classified as problematic, was found in ImageMagick up to 7.0.8-24 (Image Processing Software). This affects the function WritePDFImage of the file coders/pdf.c. The manipulation with an unknown input leads to a denial...
Author: VulDB

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organised by Sysdream.
