Sunday 19 May 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

PhonePe Wallet up to 3.0.6 on Android com.PhonePe.app Application weak authentication

A vulnerability has been found in PhonePe Wallet up to 3.0.6 on Android and classified as critical. Affected by this vulnerability is an unknown function of the file com.PhonePe.app. The manipulation as part of an Application leads to a weak...
Author: VulDB

springboot_authority up to 2017-03-06 roleKey/name/description Stored cross site scripting

A vulnerability, which was classified as problematic, was found in springboot_authority up to 2017-03-06. Affected is an unknown function. The manipulation of the argument roleKey/name/description as part of a Parameter leads to a cross site...
Author: VulDB

PublicCMS 4.0.180825 Username information disclosure

A vulnerability, which was classified as problematic, has been found in PublicCMS 4.0.180825. This issue affects an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability (Username). Using CWE to...
Author: VulDB

MCMS 4.6.5 ms/basic/manager/save.do cross site request forgery

A vulnerability classified as problematic was found in MCMS 4.6.5. This vulnerability affects an unknown function of the file ms/basic/manager/save.do. The manipulation with an unknown input leads to a cross site request forgery vulnerability....
Author: VulDB

OTCMS 3.61 accBackupDir PHP Code Execution privilege escalation

A vulnerability classified as critical has been found in OTCMS 3.61. This affects an unknown function. The manipulation of the argument accBackupDir as part of a Parameter leads to a privilege escalation vulnerability (PHP Code Execution). CWE...
Author: VulDB

WeaselCMS 0.3.6 index.php $_SERVER['PHP_SELF'] cross site scripting

A vulnerability was found in WeaselCMS 0.3.6. It has been rated as problematic. Affected by this issue is an unknown function of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] with an unknown input leads to a cross...
Author: VulDB

GNU binutils up to 2.31 BFD Library libbfd.c bfd_getl32 memory corruption

A vulnerability was found in GNU binutils up to 2.31. It has been declared as critical. Affected by this vulnerability is the function bfd_getl32 of the file libbfd.c of the component BFD Library. The manipulation with an unknown input leads to...
Author: VulDB

GNU binutils 2.31 BFD Library opncls.c bfd_zalloc denial of service

A vulnerability was found in GNU binutils 2.31. It has been classified as problematic. Affected is the function bfd_zalloc of the file opncls.c of the component BFD Library. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

GNU binutils 2.31 BFD Library syms.c _bfd_stab_section_find_nearest_line denial of service

A vulnerability was found in GNU binutils 2.31 and classified as problematic. This issue affects the function _bfd_stab_section_find_nearest_line of the file syms.c of the component BFD Library. The manipulation with an unknown input leads to a...
Author: VulDB

SeaCMS 6.64 admin_datarelate.php maxHit cross site scripting

A vulnerability was found in SeaCMS 6.64 and classified as problematic. This issue affects an unknown function of the file admin_datarelate.php. The manipulation of the argument maxHit as part of a Parameter leads to a cross site scripting...
Author: VulDB

YUNUCMS 1.1.4 index area cross site scripting

A vulnerability was found in YUNUCMS 1.1.4. It has been classified as problematic. Affected is an unknown function of the file index.php/index/category/index. The manipulation of the argument area as part of a Parameter leads to a cross site...
Author: VulDB

udisks 2.8.0 udiskslogging.c udisks_log Format String

A vulnerability, which was classified as critical, has been found in udisks 2.8.0. Affected by this issue is the function udisks_log of the file udiskslogging.c. The manipulation with an unknown input leads to a format string vulnerability....
Author: VulDB

libsvg2 up to 2012-10-19 svg_string.c svgGetNextPathField denial of service

A vulnerability was found in libsvg2 up to 2012-10-19. It has been rated as problematic. This issue affects the function svgGetNextPathField of the file svg_string.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

libsvg2 up to 2012-10-19 svg_string.c svgGetNextPathField memory corruption

A vulnerability classified as critical was found in libsvg2 up to 2012-10-19. Affected by this vulnerability is the function svgGetNextPathField of the file svg_string.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

libsvg2 up to 2012-10-19 svg_types.c svgStringToLength memory corruption

A vulnerability classified as critical has been found in libsvg2 up to 2012-10-19. Affected is the function svgStringToLength of the file svg_types.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Cisco Releases Security Update

Original release date: September 21, 2018 Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC...
Author: US Cert

CERTFR-2018-AVI-448: Multiple vulnerabilities in the SUSE Linux kernel (21 September 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a bypass of...
Author: Cert FR

Cisco Webex Player Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2018-025)

On 19th of September 2018, Cisco published a security advisory concerning Remote Code Execution Vulnerabilities. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on an affected device. The vulnerabilities...
Author: Cert EU

Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure

A vulnerability, which was classified as problematic, has been found in Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API. Affected by this issue is the function validation of the component String Comparison. The manipulation as part...
Author: VulDB

EspoCRM 5.3.6 Draft Message views/fields/wysiwyg.js cross site scripting

A vulnerability classified as problematic was found in EspoCRM 5.3.6. Affected by this vulnerability is an unknown function of the file views/fields/wysiwyg.js of the component Draft Message Handler. The manipulation with an unknown input leads...
Author: VulDB

EspoCRM 5.3.6 Search Panel name-field.tpl cross site scripting

A vulnerability classified as problematic has been found in EspoCRM 5.3.6. Affected is an unknown function of the file client/res/templates/global-search/name-field.tpl of the component Search Panel. The manipulation with an unknown input leads...
Author: VulDB

CuppaCMS up to 2018-09-03 cu_menus cross site scripting

A vulnerability was found in CuppaCMS up to 2018-09-03. It has been rated as problematic. This issue affects an unknown function of the file administrator/#/component/table_manager/view/cu_menus. The manipulation with an unknown input leads to a...
Author: VulDB

Enalean Tuleap up to 10.4 Password Reset privilege escalation

A vulnerability was found in Enalean Tuleap up to 10.4. It has been declared as critical. This vulnerability affects an unknown function of the component Password Reset. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Liblouis up to 3.6 lou_translateString.c matchCurrentInput denial of service

A vulnerability was found in Liblouis up to 3.6 and classified as problematic. Affected by this issue is the function matchCurrentInput of the file lou_translateString.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

WAVM prior 2018-09-16 Programs/wavm/wavm.cpp run memory corruption

A vulnerability has been found in WAVM and classified as critical. Affected by this vulnerability is the function run of the file Programs/wavm/wavm.cpp. The manipulation with an unknown input leads to a memory corruption vulnerability (NULL...
Author: VulDB

Information security events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organized by DG Consultants.

Event presentation by the organizer

DG Consultants, organizer of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business event centered on the convergence of technologies and the customer experience.
Why this new event?
Because demand is exploding from companies, all of which are engaged in digital transformation.
Meanwhile, vendors are evolving their offerings and organizing into technology ecosystems in order to stay as close as possible to their customers' needs.
Between business imperatives, requests from business units, technical constraints and the promises of new concepts (AI, blockchain…), organizations are waiting for solutions, advice and services.
Move to the cloud?
Yes, but how, and with which partner?
Structure data, but with which technologies and within what framework? And what about security, which must now be at the heart of every IT process?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the major IT players, as well as the start-ups that bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the event's dedicated site.

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.
