lundi 16 septembre 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Pluck 4.7.9-dev1 admin.php cross site request forgery

A vulnerability was found in Pluck 4.7.9-dev1. It has been declared as problematic. Affected by this vulnerability is a code block of the file /admin.php?action=module_delete&var1. The manipulation with an unknown input leads to a cross site...
Auteur: VulDB

Pluck 4.7.9-dev1 admin.php cross site request forgery

A vulnerability was found in Pluck 4.7.9-dev1. It has been classified as problematic. Affected is code of the file /admin.php?action=theme_delete&var1. The manipulation with an unknown input leads to a cross site request forgery vulnerability....
Auteur: VulDB

GoRose 1.0.4 order_by/group_by sql injection

A vulnerability was found in GoRose 1.0.4 and classified as critical. This issue affects a part. The manipulation of the argument order_by/group_by as part of a Parameter leads to a sql injection vulnerability. Using CWE to declare the problem...
Auteur: VulDB

Sitemagic CMS 4.4 index.php privilege escalation

A vulnerability has been found in Sitemagic CMS 4.4 (Content Management System) and classified as critical. This vulnerability affects a functionality of the file index.php?SMExt=SMFiles. The manipulation with an unknown input leads to a...
Auteur: VulDB

ZZZCMS zzzphp 1.6.1 inc/zzz_template.php parserIfLabel privilege escalation

A vulnerability, which was classified as critical, was found in ZZZCMS zzzphp 1.6.1 (Content Management System). This affects the function parserIfLabel of the file inc/zzz_template.php. The manipulation with an unknown input leads to a...
Auteur: VulDB

S-CMS PHP v3.0 ajax.php cross site request forgery

A vulnerability, which was classified as problematic, has been found in S-CMS PHP v3.0 (Content Management System). Affected by this issue is some functionality of the file admin/ajax.php?type=admin&action=add. The manipulation with an unknown...
Auteur: VulDB

matio 1.5.13 libmatio.a ReadNextCell memory corruption

A vulnerability classified as critical was found in matio 1.5.13. Affected by this vulnerability is the function ReadNextCell of the file libmatio.a. The manipulation with an unknown input leads to a memory corruption vulnerability (Segmentation...
Auteur: VulDB

matio 1.5.13 libmatio.a Mat_VarPrint memory corruption

A vulnerability classified as critical has been found in matio 1.5.13. Affected is the function Mat_VarPrint of the file libmatio.a. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue...
Auteur: VulDB

matio 1.5.13 libmatio.a ReadNextFunctionHandle memory corruption

A vulnerability was found in matio 1.5.13. It has been rated as critical. This issue affects the function ReadNextFunctionHandle of the file libmatio.a. The manipulation with an unknown input leads to a memory corruption vulnerability...
Auteur: VulDB

Critical Flaw in Drupal Allows Remote Code Execution (CERT-EU Security Advisory 2019-005)

An important security update was released by Drupal, which patches a remote code execution vulnerability (number CVE-2019-6340). The vulnerability was caused by the data passed into the RESTful Web service without strict verification. Successful...
Auteur: Cert EU

ISC Releases Security Updates for BIND

Original release date: February 22, 2019 The Internet Systems Consortium (ISC) has released security updates that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could...
Auteur: US Cert

CERTFR-2019-AVI-076 : Vulnérabilité dans ISC Bind (22 février 2019)

Une vulnérabilité a été découverte dans ISC Bind. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

CERTFR-2019-AVI-075 : Vulnérabilité dans Adobe Acrobat et Reader (22 février 2019)

Une vulnérabilité a été découverte dans Adobe Acrobat et Reader. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Auteur: Cert FR

Pixeline Bugs up to 1.3.2c install/config-setup.php database_host privilege escalation

A vulnerability was found in Pixeline Bugs up to 1.3.2c and classified as critical. This issue affects a part of the file install/config-setup.php. The manipulation of the argument database_host with an unknown input leads to a privilege...
Auteur: VulDB

Tiny Issue up to 1.3.1 install/config-setup.php database_host privilege escalation

A vulnerability has been found in Tiny Issue up to 1.3.1 and classified as critical. This vulnerability affects a functionality of the file install/config-setup.php. The manipulation of the argument database_host with an unknown input leads to a...
Auteur: VulDB

PHP up to 7.3.0 php_mbregex.c mb_split Negative Argument memory corruption

A vulnerability, which was classified as critical, has been found in PHP up to 7.3.0 (Programming Language Software). Affected by this issue is the function mb_split of the file ext/mbstring/php_mbregex.c. The manipulation as part of a Negative...
Auteur: VulDB

PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 RPC Server base64.c xmlrpc_decode memory corruption

A vulnerability classified as critical was found in PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 (Programming Language Software). Affected by this vulnerability is the function xmlrpc_decode in the library ext/xmlrpc/libxmlrpc/base64.c of the component...
Auteur: VulDB

PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 Regular Expression regcomp.c memory corruption

A vulnerability classified as critical has been found in PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 (Programming Language Software). Affected is an unknown function of the file ext/mbstring/oniguruma/regcomp.c of the component Regular Expression. The...
Auteur: VulDB

PHP up to 7.1.25/7.2.13/7.3.1 DNS Response ext/standard/dns.c dns_get_record memory corruption

A vulnerability was found in PHP up to 7.1.25/7.2.13/7.3.1 (Programming Language Software). It has been rated as critical. This issue affects the function dns_get_record of the file ext/standard/dns.c of the component DNS Response Handler. The...
Auteur: VulDB

PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 phar ext/phar/phar.c phar_detect_phar_fname_ext memory corruption

A vulnerability was found in PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 (Programming Language Software). It has been declared as critical. This vulnerability affects the function phar_detect_phar_fname_ext of the file ext/phar/phar.c of the component...
Auteur: VulDB

PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 xml_element.c xml_elem_parse_buf memory corruption

A vulnerability was found in PHP up to 5.6.39/7.1.25/7.2.13/7.3.0 (Programming Language Software). It has been classified as critical. This affects the function xml_elem_parse_buf in the library ext/xmlrpc/libxmlrpc/xml_element.c. The...
Auteur: VulDB

British Airways Entertainment System USB privilege escalation

A vulnerability was found in British Airways Entertainment System and classified as critical. Affected by this issue is a part of the component USB Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Auteur: VulDB

MOPCMS up to 2018-11-30 X0AZgf(index).php form[name] cross site scripting

A vulnerability has been found in MOPCMS up to 2018-11-30 (Content Management System) and classified as problematic. Affected by this vulnerability is a functionality of the file...
Auteur: VulDB

MOPCMS up to 2018-11-30 directory traversal [CVE-2019-9015]

A vulnerability, which was classified as critical, was found in MOPCMS up to 2018-11-30 (Content Management System). Affected is a function. The manipulation with an unknown input leads to a directory traversal vulnerability. CWE is classifying...
Auteur: VulDB

Eclipse Wakaama 1.0 LWM2M Server er-coap-13.c lwm2mserver Crafted Packet denial of service

A vulnerability, which was classified as problematic, has been found in Eclipse Wakaama 1.0. This issue affects the function lwm2mserver of the file core/er-coap-13/er-coap-13.c of the component LWM2M Server. The manipulation as part of a...
Auteur: VulDB
First392393394395396397398399400401Last

Événements SSI

LES ASSISES

Grand rendez-vous annuel des RSSI, les Assises de la sécurité des systèmes d'information se tiennent à Monaco (Grimaldi Forum) du 9 au 12 octobre 2019. Organisées par DG Consultants.

BLOCKCHAIN

Conférence et exposition sur les applications d'entreprise de la blockchain à Paris, cité universitaire internationale, les 13 et 14 novembre 2019. Organisés par Corp Agency.

TRUSTECH

Cet événement international dédié aux paiements, à l'identification et à la sécurité est organisé à Cannes (palais des festivals) du 26 au 28 novembre 2019. Organisé par Comexposium.

FIC

Ayant pour thème cette année "Replacer l'humain au coeur de la cybersécurité", le Forum International de la Cybersécurité occupe les 28, 29 et 30 janvier 2020 le Grand Palais de Lille. Organisé par la Région Hauts-de-France et Euratechnologies, la Gendarmerie Nationale et CEIS.

RSS