Sunday 21 April 2019

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Kofax Front Office Server 4.1.1.11.0.5212 Administration Console upload file XML External Entity

A vulnerability classified as critical was found in Kofax Front Office Server 4.1.1.11.0.5212. This vulnerability affects the functionality of the file Kofax/KFS/Admin/PackageService/package/upload of the component Administration Console. The...
Author: VulDB

Kofax Front Office Server 4.1.1.11.0.5212 Administration Console Cleartext information disclosure

A vulnerability was found in Kofax Front Office Server 4.1.1.11.0.5212. It has been rated as problematic. Affected by this issue is some processing of the component Administration Console. The manipulation with an unknown input leads to a...
Author: VulDB

PrinterOn Enterprise 4.1.4 Administration Page cross site request forgery

A vulnerability was found in PrinterOn Enterprise 4.1.4 (Printing Software). It has been declared as problematic. Affected by this vulnerability is a code block of the component Administration Page. The manipulation with an unknown input leads...
Author: VulDB

Pacemaker up to 2.0.0 Client-Server Authentication privilege escalation

A vulnerability was found in Pacemaker up to 2.0.0 and classified as critical. This issue affects a part of the component Client-Server Authentication. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Author: VulDB

Kofax Front Office Server 4.1.1.11.0.5212 Administration Console Filename cross site scripting

A vulnerability classified as problematic has been found in Kofax Front Office Server 4.1.1.11.0.5212. This affects an unknown function of the file /Kofax/KFS/ThinClient/document/upload/ of the component Administration Console. The manipulation ...
Author: VulDB

Pacemaker up to 2.0.1 Verification denial of service

A vulnerability was found in Pacemaker up to 2.0.1. It has been classified as problematic. Affected is code of the component Verification Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is...
Author: VulDB

Atlassian Confluence Server/Data Center up to 6.15.1 downloadallattachments directory traversal

A vulnerability was found in Atlassian Confluence Server and Data Center up to 6.15.1. It has been classified as critical. This affects code of the file downloadallattachments. The manipulation with an unknown input leads to a directory...
Author: VulDB

MKCMS 5.0 ucenter/repass.php privilege escalation

A vulnerability was found in MKCMS 5.0 and classified as critical. Affected by this issue is a part of the file ucenter/repass.php. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the...
Author: VulDB

ntp Port unknown vulnerability [CVE-2019-11331]

A vulnerability has been found in ntp and classified as critical. Affected by this vulnerability is a functionality of the component Port Handler. The impact remains unknown. The summary by CVE is: Network Time Protocol (NTP), as specified in RFC...
Author: VulDB

urllib3 up to 1.24.1 on Python CA Certificate ssl_context/ca_certs/ca_certs_dir weak authentication

A vulnerability, which was classified as critical, was found in urllib3 up to 1.24.1 on Python. Affected is a function of the component CA Certificate Handler. The manipulation of the argument ssl_context/ca_certs/ca_certs_dir with an unknown...
Author: VulDB

Motorola CX2/M2 1.01 HNAP startRmtAssist JSON Remote Code Execution

A vulnerability, which was classified as critical, has been found in Motorola CX2 and M2 1.01. This issue affects the function startRmtAssist of the component HNAP. The manipulation as part of a JSON leads to a privilege escalation vulnerability...
Author: VulDB

Motorola CX2/M2 1.01 Service Port 8010 HNAP Request information disclosure

A vulnerability classified as problematic was found in Motorola CX2 and M2 1.01. This vulnerability affects the functionality of the component Service Port 8010. The manipulation as part of a HNAP Request leads to an information disclosure...
Author: VulDB

Motorola CX2/M2 1.01 Web Page /priv_mgt.html privilege escalation

A vulnerability classified as critical has been found in Motorola CX2 and M2 1.01. This affects an unknown function of the file /priv_mgt.html of the component Web Page. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Motorola CX2/M2 1.01 HNAP downloadFirmware JSON Code Execution

A vulnerability was found in Motorola CX2 and M2 1.01. It has been rated as critical. Affected by this issue is the function downloadFirmware of the component HNAP. The manipulation as part of a JSON leads to a privilege escalation vulnerability...
Author: VulDB

SupportCandy Plugin up to 2.0.0 on WordPress File Upload privilege escalation

A vulnerability was found in SupportCandy Plugin up to 2.0.0 on WordPress (Plugin Software). It has been declared as critical. Affected by this vulnerability is a code block of the component File Upload. The manipulation with an unknown input...
Author: VulDB

GAuth 0.9.9 PopUp Stored cross site scripting

A vulnerability was found in GAuth 0.9.9. It has been classified as problematic. Affected is code of the component PopUp Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). CWE is classifying...
Author: VulDB

PHP up to 7.1.7/7.2.16/7.3.3 EXIF Extension exif_iif_add_value memory corruption

A vulnerability was found in PHP up to 7.1.7/7.2.16/7.3.3 (Programming Language Software) and classified as critical. This issue affects the function exif_iif_add_value of the component EXIF Extension. The manipulation with an unknown input...
Author: VulDB

PHP up to 7.1.7/7.2.16/7.3.3 EXIF Extension exif_process_IFD_TAG memory corruption

A vulnerability has been found in PHP up to 7.1.7/7.2.16/7.3.3 (Programming Language Software) and classified as critical. This vulnerability affects the function exif_process_IFD_TAG of the component EXIF Extension. The manipulation with an...
Author: VulDB

D-Link DI-524 V2.06RU Web Configuration /spap.htm Parameter cross site scripting

A vulnerability, which was classified as problematic, was found in D-Link DI-524 V2.06RU. This affects a function of the file /spap.htm of the component Web Configuration. The manipulation as part of a Parameter leads to a cross site scripting...
Author: VulDB

MIUI OS 10.1.3.0 Lockscreen privilege escalation

A vulnerability, which was classified as critical, has been found in MIUI OS 10.1.3.0. Affected by this issue is some functionality of the component Lockscreen. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

CentOS-WebPanel.com CentOS Web Panel 0.9.8.793 CWP Settings Page Persistent cross site scripting

A vulnerability classified as problematic was found in CentOS-WebPanel.com CentOS Web Panel 0.9.8.793. Affected by this vulnerability is the functionality of the component CWP Settings Page. The manipulation with an unknown input leads to a...
Author: VulDB

ontrack Plugin up to 3.4 on Jenkins Sandbox Code Execution

A vulnerability classified as critical has been found in ontrack Plugin up to 3.4 on Jenkins (Plugin Software). Affected is an unknown function of the component Sandbox. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

XebiaLabs XL Deploy Plugin on Jenkins Permission Check privilege escalation

A vulnerability was found in XebiaLabs XL Deploy Plugin on Jenkins (Plugin Software). It has been rated as critical. This issue affects some processing of the component Permission Check. The manipulation with an unknown input leads to a...
Author: VulDB

XebiaLabs XL Deploy Plugin on Jenkins cross site request forgery

A vulnerability was found in XebiaLabs XL Deploy Plugin on Jenkins (Plugin Software). It has been declared as problematic. This vulnerability affects a code block. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Remote Code Execution

A vulnerability has been found in Sangfor Sundray WLAN Controller up to 3.7.4.2 (Wireless LAN Software) and classified as critical. This vulnerability affects a functionality of the file nginx_webconsole.php of the component Cookie Header...
Author: VulDB

Information systems security events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organized by DG Consultants.

Presentation of the event by the organizer

DG Consultants, organizer of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business gathering centred on technology convergence and customer experience.
Why this new event?
Because demand is exploding from companies, all of which are engaged in digital transformation.
Meanwhile, vendors are evolving their offerings and organizing into technology ecosystems in order to be as close as possible to their customers' needs.
Between business imperatives, requests from business units, technical constraints and the promises of new concepts (AI, blockchain…), organizations are waiting for solutions, advice and services.
Commit to the cloud?
Yes, but how, and with which partner?
Structure data, but with which technologies and within what framework? And what about security, which must now be at the heart of all IT processes?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the major players in IT, as well as the start-ups that bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the event's dedicated website.

HACK IN PARIS

For its 9th edition, the Hack In Paris conference on IT security is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.
