Friday 24 May 2019

Our selection of information-systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Open-Xchange OX App Suite up to 7.8.3 Access Control privilege escalation

A vulnerability classified as critical was found in Open-Xchange OX App Suite up to 7.8.3. This vulnerability affects the functionality of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Privacy Awareness Week

Original release date: May 22, 2019 The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). PAW is an annual event fostering awareness of privacy issues and the importance of protecting...
Author: US Cert

One year of GDPR: unprecedented awareness

The GDPR, which came into application a year ago, has created remarkable momentum for individuals and professionals. The CNIL has received a record number of complaints and is developing new compliance tools to guarantee everyone the...
Author: Cnil

Nagios XI 5.6.1 login.php username sql injection

A vulnerability classified as critical has been found in Nagios XI 5.6.1 (Log Management Software). This affects an unknown function of the file login.php?forgotpass. The manipulation of the argument username as part of a Parameter leads to a...
Author: VulDB

Blogifier up to 2.3 API privilege escalation

A vulnerability was found in Blogifier up to 2.3 (Blog Software). It has been rated as critical. Affected by this issue is some processing of the component API. The manipulation with the input value .. leads to a privilege escalation...
Author: VulDB

QEMU 3.0.0 qga/commands*.c Environment Variable memory corruption

A vulnerability was found in QEMU 3.0.0 (Virtualization Software). It has been declared as critical. Affected by this vulnerability is a code block of the file qga/commands*.c. The manipulation as part of an Environment Variable leads to a memory...
Author: VulDB

Kentico 11/12 tabs_media.aspx privilege escalation

A vulnerability was found in Kentico 11/12. It has been classified as critical. Affected is code of the file cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx. The manipulation with an unknown input leads to a...
Author: VulDB

LemonLDAP::NG 2.0.3 Access Control privilege escalation

A vulnerability was found in LemonLDAP::NG 2.0.3 (Directory Service Software) and classified as critical. This issue affects a part of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Citrix Netscaler Gateway/Application Delivery Controller up to 10.5/11.1.59/12.0.59/12.1.49 memory corruption

A vulnerability has been found in Citrix Netscaler Gateway and Application Delivery Controller up to 10.5/11.1.59/12.0.59/12.1.49 and classified as critical. This vulnerability affects a functionality. The manipulation with an unknown input...
Author: VulDB

Commsy up to 8.6.5 cid sql injection

A vulnerability, which was classified as critical, was found in Commsy up to 8.6.5. This affects a function. The manipulation of the argument cid as part of a Parameter leads to a sql injection vulnerability. CWE is classifying the issue as...
Author: VulDB

Google Go 2019-03-25 Crypto Library clearsign.go spoofing

A vulnerability, which was classified as critical, has been found in Google Go 2019-03-25 (Programming Language Software). Affected by this issue is some functionality of the file crypto/openpgp/clearsign/clearsign.go of the component Crypto...
Author: VulDB

Citrix Workspace App prior 1904 on Windows Access Control privilege escalation

A vulnerability classified as critical was found in Citrix Workspace App on Windows (Connectivity Software). Affected by this vulnerability is the functionality of the component Access Control. The manipulation with an unknown input leads to a...
Author: VulDB

IBM API Connect 5.0.0.0/5.0.8.6 CMC UI Header information disclosure

A vulnerability classified as problematic has been found in IBM API Connect 5.0.0.0/5.0.8.6. Affected is an unknown function of the component CMC UI Header Handler. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Hazelcast up to 3.10 Cluster Join Request Code Execution

A vulnerability was found in Hazelcast up to 3.10. It has been rated as critical. This issue affects some processing of the component Cluster Join Handler. The manipulation as part of a Request leads to a privilege escalation vulnerability (Code...
Author: VulDB

VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability

Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler, such as schtasks.exe, are interfaces that allow for users to view, create, and modify scheduled...
Author: US Cert

Open Ticket Request System up to 5.0.34/6.0.17/7.0.6 Report directory traversal

A vulnerability was found in Open Ticket Request System up to 5.0.34/6.0.17/7.0.6. It has been declared as critical. This vulnerability affects a code block of the component Report Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Open Ticket Request System URL cross site scripting [CVE-2019-10067]

A vulnerability was found in Open Ticket Request System (the affected version unknown). It has been classified as problematic. This affects code of the component URL Handler. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Agent Appointment cross site scripting

A vulnerability was found in Open Ticket Request System and OTRSAppointmentCalendar (affected version not known) and classified as problematic. Affected by this issue is a part of the component Agent Handler. The manipulation as part of a...
Author: VulDB

CERTFR-2019-AVI-236: Multiple vulnerabilities in Mozilla Firefox (22 May 2019)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a bypass of the policy of...
Author: Cert FR

WSO2 API Manager 2.6.0 File Upload privilege escalation

A vulnerability has been found in WSO2 API Manager 2.6.0 and classified as critical. Affected by this vulnerability is a functionality of the component File Upload. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Opentext Brava! Enterprise/Brava! Server up to 16.4 on Windows Permission Cache File privilege escalation

A vulnerability, which was classified as critical, was found in Opentext Brava! Enterprise and Brava! Server up to 16.4 on Windows. Affected is a function of the component Permission. The manipulation as part of a Cache File leads to a privilege...
Author: VulDB

Enigmail up to 2.0.10 PGP Signature Message spoofing

A vulnerability, which was classified as critical, has been found in Enigmail up to 2.0.10. This issue affects some functionality of the component PGP Signature Handler. The manipulation as part of a Message leads to a spoofing vulnerability....
Author: VulDB

Zoho ManageEngine ServiceDesk Plus up to 10.5 SDNotify.do String privilege escalation

A vulnerability classified as critical was found in Zoho ManageEngine ServiceDesk Plus up to 10.5. This vulnerability affects the functionality of the file SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id. The manipulation as...
Author: VulDB

CentOS-WebPanel.com CentOS Web Panel up to 0.9.8.747 fm_current_dir/filename cross site scripting

A vulnerability classified as problematic has been found in CentOS-WebPanel.com CentOS Web Panel up to 0.9.8.747. This affects an unknown function of the file CentOS-WebPanel.com. The manipulation of the argument fm_current_dir/filename as part...
Author: VulDB

Zoho ManageEngine ServiceDesk Plus 9.3 SearchN.do search cross site scripting

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus 9.3. It has been rated as problematic. Affected by this issue is some processing of the file SearchN.do. The manipulation of the argument search with an unknown input leads to a...
Author: VulDB

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris conference on IT security is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organised by Sysdream.
