Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

gmapfp.org GMapFP J3.30pro on Joomla Permission Double Extension File Upload privilege escalation

A vulnerability classified as critical was found in gmapfp.org GMapFP J3.30pro on Joomla (Joomla Component). This vulnerability affects an unknown functionality of the component Permission. There is no information about possible countermeasures...
Author: VulDB

GetSimple CMS 3.3.16 Login Portal admin/index.php Reflected cross site scripting

A vulnerability classified as problematic has been found in GetSimple CMS 3.3.16 (Content Management System). This affects an unknown function of the file admin/index.php of the component Login Portal. There is no information about possible...
Author: VulDB

OSWAPP Warehouse Inventory System up to 2020-08-10 edit_user.php cross site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System up to 2020-08-10. It has been rated as problematic. Affected by this issue is some unknown processing of the file edit_user.php. There is no information about possible countermeasures...
Author: VulDB

Sourcecodester Tailor Management System 1.0 Login-Portal Webpage index.php Reflected cross site scripting

A vulnerability was found in Sourcecodester Tailor Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown code block of the file index.php of the component Login-Portal Webpage. There is no...
Author: VulDB

Sourcecodester Stock Management System 1.0 Login-Portal Webpage index.php Reflected cross site scripting

A vulnerability was found in Sourcecodester Stock Management System 1.0. It has been classified as problematic. Affected is an unknown code of the file index.php of the component Login-Portal Webpage. There is no information about possible...
Author: VulDB

LibreHealth EHR 2.0.0 File Upload new_comprehensive_save.php Remote Code Execution

A vulnerability was found in LibreHealth EHR 2.0.0 and classified as critical. This issue affects an unknown part of the file interface/new/new_comprehensive_save.php of the component File Upload. There is no information about possible...
Author: VulDB

Spiceworks up to 7.5.00107 Stored cross site scripting

A vulnerability has been found in Spiceworks up to 7.5.00107 and classified as problematic. This vulnerability affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Senstar Symphony 7.3.2.2 SSOAuth Deserialization privilege escalation

A vulnerability, which was classified as critical, was found in Senstar Symphony 7.3.2.2. This affects an unknown functionality of the component SSOAuth. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Paginator prior 1.0.0 paginate() Parameter Remote Code Execution

A vulnerability, which was classified as critical, has been found in Paginator. Affected by this issue is the function paginate(). Upgrading to version 1.0.0 eliminates this vulnerability.
Author: VulDB

Apache Cassandra up to 2.1.21/2.2.17/3.0.21/3.11.7/4.0-beta1 RMI Registry privilege escalation

A vulnerability classified as critical was found in Apache Cassandra up to 2.1.21/2.2.17/3.0.21/3.11.7/4.0-beta1. Affected by this vulnerability is some unknown processing of the component RMI Registry. Upgrading to version 2.1.22, 2.2.18,...
Author: VulDB

Elasticsearch search and analytics engine: 4 best practices to strengthen data security

The Elasticsearch indexing and search technology is commonly used in companies when large volumes of data are processed. The CNIL recalls a few basic security recommendations for organizations...
Author: Cnil

Event: the CNIL presents its white paper on voice assistants on 7 September 2020

On 7 September 2020, in association with the Voice Lab, the CNIL presents its first white paper, "Listening to you: an exploration of the ethical, technical and legal issues of voice assistants".
Author: Cnil

u-root tarutil directory traversal [CVE-2020-7669]

A vulnerability classified as critical has been found in u-root (version unknown). Affected is an unknown code block of the component tarutil. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

u-root cpio Symlink directory traversal

A vulnerability was found in u-root (unknown version). It has been rated as critical. This issue affects an unknown code of the component cpio. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

u-root uzip ZIP File directory traversal

A vulnerability was found in u-root (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part of the component uzip. There is no information about possible countermeasures known. It may be...
Author: VulDB

OS4Ed openSIS 7.3 MassDropModal.php id sql injection

A vulnerability was found in OS4Ed openSIS 7.3. It has been classified as critical. This affects some unknown functionality of the file MassDropModal.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OS4Ed openSIS 7.3 CourseMoreInfo.php id sql injection

A vulnerability was found in OS4Ed openSIS 7.3 and classified as critical. Affected by this issue is an unknown functionality of the file CourseMoreInfo.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OS4Ed openSIS 7.3 ChooseCP.php id sql injection

A vulnerability has been found in OS4Ed openSIS 7.3 and classified as critical. Affected by this vulnerability is an unknown function of the file ChooseCP.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OS4Ed openSIS 7.3 MassScheduleSessionSet.php course_period_id sql injection

A vulnerability, which was classified as critical, was found in OS4Ed openSIS 7.3. Affected is some unknown processing of the file MassScheduleSessionSet.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OS4Ed openSIS 7.3 MassDropSessionSet.php course_period_id sql injection

A vulnerability, which was classified as critical, has been found in OS4Ed openSIS 7.3. This issue affects an unknown code block of the file MassDropSessionSet.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

OS4Ed openSIS 7.3 CpSessionSet.php course_period_id sql injection

A vulnerability classified as critical was found in OS4Ed openSIS 7.3. This vulnerability affects an unknown code of the file CpSessionSet.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

OS4Ed openSIS 7.3 CoursePeriodModal.php meet_date sql injection

A vulnerability classified as critical has been found in OS4Ed openSIS 7.3. This affects an unknown part of the file CoursePeriodModal.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

OS4Ed openSIS 7.3 CoursePeriodModal.php id sql injection

A vulnerability was found in OS4Ed openSIS 7.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file CoursePeriodModal.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

OS4Ed openSIS 7.3 CoursePeriodModal.php course_period_id sql injection

A vulnerability was found in OS4Ed openSIS 7.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file CoursePeriodModal.php. There is no information about possible countermeasures known. It may...
Author: VulDB

Information security events