Thursday 20 June 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Openfind Mail2000 V6 WebMail cross site scripting

A vulnerability, which was classified as problematic, has been found in Openfind Mail2000 V6. This issue affects an unknown function of the component WebMail. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Author: VulDB

DLP up to 15.5 MP1 cross site scripting [CVE-2019-9701]

A vulnerability classified as problematic was found in DLP up to 15.5 MP1 (Data Loss Prevention Software). This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Author: VulDB

TP-LINK TL-WR1043ND V2 Cookie Credentials weak encryption

A vulnerability classified as problematic has been found in TP-LINK TL-WR1043ND V2 (Router Operating System) (the affected version unknown). This affects an unknown code block of the component Cookie Handler. The manipulation with an unknown...
Author: VulDB

TP-LINK WR1043ND V2 Management Web Interface Authentication Packet weak authentication

A vulnerability was found in TP-LINK WR1043ND V2 (affected version not known). It has been rated as critical. Affected by this issue is an unknown code of the component Management Web Interface. The manipulation as part of an Authentication...
Author: VulDB

Corel PaintShop Pro 2019 21.0.0.119 jp2 Parser Integer Overflow memory corruption

A vulnerability was found in Corel PaintShop Pro 2019 21.0.0.119. It has been declared as critical. Affected by this vulnerability is an unknown part of the component jp2 Parser. The manipulation with an unknown input leads to a memory...
Author: VulDB

IBM Spectrum Protect Plus 10.1.2 Joblog Password information disclosure

A vulnerability was found in IBM Spectrum Protect Plus 10.1.2 (Backup Software). It has been classified as problematic. Affected is some unknown functionality of the component Joblog. The manipulation with an unknown input leads to an information...
Author: VulDB

IBM Campaign 9.1.2/10.1 Request directory traversal

A vulnerability was found in IBM Campaign 9.1.2/10.1 and classified as critical. This issue affects an unknown functionality. The manipulation with the input value /../ leads to a directory traversal vulnerability. Using CWE to declare the...
Author: VulDB

IBM Maximo Asset Management 7.6 CSV Command privilege escalation

A vulnerability has been found in IBM Maximo Asset Management 7.6 (Asset Management Software) and classified as critical. This vulnerability affects an unknown function of the component CSV Handler. The manipulation as part of a Command leads to...
Author: VulDB

IBM Maximo Asset Management 7.6 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM Maximo Asset Management 7.6 (Asset Management Software). This affects some unknown processing of the component Web UI. The manipulation with an unknown input leads to a cross...
Author: VulDB

RedwoodHQ 2.5.5 Database weak authentication

A vulnerability, which was classified as critical, has been found in RedwoodHQ 2.5.5. Affected by this issue is an unknown code block of the component Database Handler. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

FasterXML jackson-databind up to 2.9.9 Default Typing JSON Message File information disclosure

A vulnerability classified as problematic was found in FasterXML jackson-databind up to 2.9.9. Affected by this vulnerability is an unknown code of the component Default Typing. The manipulation as part of a JSON Message leads to an information...
Author: VulDB

OnApp up to 5.0.0-87/5.5.0-92/6.0.0-195 privilege escalation

A vulnerability classified as critical has been found in OnApp up to 5.0.0-87/5.5.0-92/6.0.0-195. Affected is an unknown part. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as...
Author: VulDB

Micro Focus Fortify Software Security Center 18.1/18.2 Code Execution cross site scripting

A vulnerability was found in Micro Focus Fortify Software Security Center 18.1/18.2. It has been rated as problematic. This issue affects some unknown functionality. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Excellent Infotech BiYan up to 2.8 check_user_login_info.aspx information disclosure

A vulnerability was found in Excellent Infotech BiYan up to 2.8. It has been declared as problematic. This vulnerability affects an unknown functionality of the file auth/main/asp/check_user_login_info.aspx. The manipulation with an unknown...
Author: VulDB

Excellent Infotech BiYan up to 2.8 query_user.asp EMP_NO information disclosure

A vulnerability was found in Excellent Infotech BiYan up to 2.8. It has been classified as problematic. This affects an unknown function of the file kws_login/asp/query_user.asp. The manipulation of the argument EMP_NO with an unknown input...
Author: VulDB

Zucchetti HR Portal /WEB-INF/classes/*.class directory traversal

A vulnerability was found in Zucchetti HR Portal (affected version not known) and classified as critical. Affected by this issue is some unknown processing of the file /WEB-INF/classes/*.class. The manipulation with an unknown input leads to a...
Author: VulDB

Teltonika RTU950 R_31.04.89 Session Flooding denial of service

A vulnerability has been found in Teltonika RTU950 R_31.04.89 and classified as problematic. Affected by this vulnerability is an unknown code block of the component Session Handler. The manipulation with an unknown input leads to a denial of...
Author: VulDB

ISC Releases BIND Security Updates

Original release date: June 19, 2019 The Internet Systems Consortium (ISC) has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to...
Author: US Cert

NGA ResourceLink 20.0.2.1 Local File Inclusion privilege escalation

A vulnerability, which was classified as critical, was found in NGA ResourceLink 20.0.2.1. Affected is an unknown code. The manipulation with an unknown input leads to a privilege escalation vulnerability (Local File Inclusion). CWE is...
Author: VulDB

Open Faculty Evaluation System 7 on PHP7 submit_feedback.php sql injection

A vulnerability, which was classified as critical, has been found in Open Faculty Evaluation System 7 on PHP7. This issue affects an unknown part of the file submit_feedback.php. The manipulation with an unknown input leads to a sql injection...
Author: VulDB

Open Faculty Evaluation System 5.6 on PHP5 submit_feedback.php sql injection

A vulnerability classified as critical was found in Open Faculty Evaluation System 5.6 on PHP5. This vulnerability affects some unknown functionality of the file submit_feedback.php. The manipulation with an unknown input leads to a sql...
Author: VulDB

Western Digital WD My Book Live language_configuration language privilege escalation

A vulnerability classified as critical has been found in Western Digital WD My Book Live (the affected version unknown). This affects an unknown functionality of the file /api/1.0/rest/language_configuration. The manipulation of the argument...
Author: VulDB

Axentra Firmware XML Data xml XML External Entity

A vulnerability was found in Axentra Firmware (Firmware Software). It has been rated as critical. Affected by this issue is an unknown function of the file /api/2.0/rest/aggregator/xml of the component XML Data Handler. The manipulation with an...
Author: VulDB

Primeo doAirdrop Smart Contract privilege escalation

A vulnerability was found in Primeo (affected version unknown). It has been declared as critical. Affected by this vulnerability is the function doAirdrop. The manipulation as part of a Smart Contract leads to a privilege escalation...
Author: VulDB

Tufin SecureTrack 18.1 XML Data XML External Entity

A vulnerability was found in Tufin SecureTrack 18.1. It has been classified as critical. Affected is an unknown code block of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises position themselves more than ever as the essential meeting point for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
