Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Foscam C2/Application/Opticam i5 CGIProxy.fcgi addAccount usrName privilege escalation

A vulnerability was found in Foscam C2, Application and Opticam i5 (the affected version is unknown) and classified as critical. This issue affects the function addAccount of the file CGIProxy.fcgi. The manipulation of the argument usrName with...
Author: VulDB

PbootCMS 1.2.2 SELECT Statement PHP Code Execution privilege escalation

A vulnerability classified as critical has been found in PbootCMS 1.2.2. This affects an unknown function. The manipulation as part of a SELECT Statement leads to a privilege escalation vulnerability (PHP Code Execution). CWE is classifying the...
Author: VulDB

axTLS up to 2.1.3 PKCS #1 x509.c sig_verify() Certificate spoofing

A vulnerability classified as critical has been found in axTLS up to 2.1.3. Affected is the function sig_verify() of the file x509.c of the component PKCS #1 Handler. The manipulation as part of a Certificate leads to a spoofing vulnerability...
Author: VulDB

axTLS up to 2.1.3 PKCS #1 x509.c sig_verify() Certificate spoofing

A vulnerability was found in axTLS up to 2.1.3. It has been rated as critical. This issue affects the function sig_verify() of the file x509.c of the component PKCS #1 Handler. The manipulation as part of a Certificate leads to a spoofing...
Author: VulDB

axTLS up to 2.1.3 ASN.1 x509.c sig_verify() Certificate denial of service

A vulnerability was found in axTLS up to 2.1.3. It has been declared as problematic. This vulnerability affects the function sig_verify() of the file x509.c of the component ASN.1 Handler. The manipulation as part of a Certificate leads to a...
Author: VulDB

Foscam Opticam i5 1.5.2.11 ONVIF media GetStreamUri Request Credentials information disclosure

A vulnerability has been found in Foscam Opticam i5 1.5.2.11 and classified as problematic. Affected by this vulnerability is an unknown function of the component ONVIF media GetStreamUri. The manipulation as part of a Request leads to a...
Author: VulDB

Foscam C2/Opticam i5 FTP/RTSP privilege escalation [CVE-2018-19076]

A vulnerability, which was classified as critical, has been found in Foscam C2 and Opticam i5 (the affected version is unknown). This issue affects an unknown function of the component FTP/RTSP. The manipulation with an unknown input leads to a...
Author: VulDB

Foscam C2/Opticam i5 Firewall Feature privilege escalation [CVE-2018-19074]

A vulnerability classified as critical has been found in Foscam C2 and Opticam i5 (the affected version is unknown). This affects an unknown function of the component Firewall Feature. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Foscam C2/Opticam i5 ProductConfig.xml privilege escalation

A vulnerability was found in Foscam C2 and Opticam i5 (the affected version is unknown). It has been rated as critical. Affected by this issue is an unknown function of the file /mnt/mtd/app/config/ProductConfig.xml. The manipulation with an...
Author: VulDB

Foscam Opticam i5 1.5.2.11 ONVIF devicemgmt SetHostname Persistent cross site scripting

A vulnerability was found in Foscam Opticam i5 1.5.2.11. It has been classified as problematic. This affects an unknown function of the component ONVIF devicemgmt SetHostname. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Foscam Opticam i5 1.5.2.11 ONVIF devicemgmt SystemReboot denial of service

A vulnerability was found in Foscam Opticam i5 1.5.2.11 and classified as problematic. Affected by this issue is an unknown function of the component ONVIF devicemgmt SystemReboot. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Foscam Opticam i5 1.5.2.11 RTSP Content-Length Integer denial of service

A vulnerability, which was classified as problematic, was found in Foscam Opticam i5 1.5.2.11. Affected is an unknown function of the component RTSP Handler. The manipulation of the argument Content-Length with an unknown input leads to a denial...
Author: VulDB

Foscam C2/Opticam i5 Firewall Feature privilege escalation [CVE-2018-19075]

A vulnerability classified as critical was found in Foscam C2 and Opticam i5 (the affected version is unknown). This vulnerability affects an unknown function of the component Firewall Feature. The manipulation with an unknown input leads to a...
Author: VulDB

Foscam C2/Opticam i5 /mnt/mtd/app Archive File privilege escalation

A vulnerability was found in Foscam C2 and Opticam i5 (the affected version is unknown). It has been declared as critical. Affected by this vulnerability is an unknown function of the file /mnt/mtd/app. The manipulation as part of an Archive File...
Author: VulDB

Foscam C2/Opticam i5 /mnt/mtd/boot.sh privilege escalation

A vulnerability was found in Foscam C2 and Opticam i5 (the affected version is unknown). It has been classified as critical. Affected is an unknown function of the file /mnt/mtd/boot.sh. The manipulation with an unknown input leads to a...
Author: VulDB

WeCenter 3.2.0/3.2.1/3.2.2 index.tpl.html htmlspecialchars_decode question_content cross site scripting

A vulnerability classified as problematic has been found in WeCenter 3.2.0/3.2.1/3.2.2. Affected is the function htmlspecialchars_decode of the file views/default/question/index.tpl.html. The manipulation of the argument question_content as part...
Author: VulDB

Foscam Opticam i5 1.5.2.11 ONVIF devicemgmt SetDNS Stack-based memory corruption

A vulnerability was found in Foscam Opticam i5 1.5.2.11. It has been rated as critical. This issue affects an unknown function of the component ONVIF devicemgmt SetDNS. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Foscam Opticam i5 1.5.2.11 ONVIF devicemgmt SetDNS OS Command Injection privilege escalation

A vulnerability was found in Foscam Opticam i5 1.5.2.11. It has been declared as critical. This vulnerability affects an unknown function of the component ONVIF devicemgmt SetDNS. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Apache Superset up to 0.22 Pickle Library load Remote Code Execution

A vulnerability was found in Apache Superset up to 0.22. It has been classified as critical. Affected is the function load of the component Pickle Library. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

libIEC61850 1.3 client/client_control.c ControlObjectClient_setCommandTerminationHandler memory corruption [Disputed]

A vulnerability was found in libIEC61850 1.3 and classified as critical. This issue affects the function ControlObjectClient_setCommandTerminationHandler of the file client/client_control.c. The manipulation with an unknown input leads to a...
Author: VulDB

YzmCMS 5.2 Query String cross site scripting

A vulnerability has been found in YzmCMS 5.2 and classified as problematic. This vulnerability affects an unknown function of the file search/index/archives/pubtime/. The manipulation as part of a Query String leads to a cross site scripting...
Author: VulDB

tianti 2.3 User Management Module list userName cross site scripting

A vulnerability, which was classified as problematic, was found in tianti 2.3. This affects an unknown function of the file tianti-module-admin/user/list of the component User Management Module. The manipulation of the argument userName as part...
Author: VulDB

tianti 2.3 Article Management Module Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in tianti 2.3. Affected by this issue is an unknown function of the component Article Management Module. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

tianti 2.3 save_role name cross site scripting

A vulnerability classified as problematic was found in tianti 2.3. Affected by this vulnerability is an unknown function of the file tianti-module-admin/user/ajax/save_role. The manipulation of the argument name as part of a Parameter leads to a...
Author: VulDB

VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities

CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end...
Author: US Cert