Friday 20 September 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SPIP up to 3.1.10/3.2.4 Password Reminder Email information disclosure

A vulnerability was found in SPIP up to 3.1.10/3.2.4 (Content Management System). It has been rated as problematic. Affected by this issue is some unknown functionality of the component Password Reminder Handler. Upgrading to version 3.1.11 or...
Author: VulDB

Micro Focus Service Manager up to 9.62 Deserialization unknown vulnerability

A vulnerability was found in Micro Focus Service Manager up to 9.62. It has been classified as critical. This affects an unknown code block of the component Deserialization. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Service Manager up to 9.62 information disclosure

A vulnerability was found in Micro Focus Service Manager up to 9.62 and classified as problematic. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

APC UPS Network Management Card 2 AOS 6.5.6 Remote Monitoring Credentials information disclosure

A vulnerability has been found in APC UPS Network Management Card 2 AOS 6.5.6 and classified as problematic. Affected by this vulnerability is an unknown part of the component Remote Monitoring. There is no information about possible...
Author: VulDB

Asuswrt-Merlin 384.6 UDP wanduck.c parse_req_queries Long String memory corruption

A vulnerability, which was classified as critical, was found in Asuswrt-Merlin 384.6. Affected is the function parse_req_queries of the file wanduck.c of the component UDP Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Adopting the six good habits

These 6 habits cover concepts or principles that may be useful to you in raising awareness among staff within your local authority.
Author: Cnil

Local authorities: the CNIL publishes a GDPR awareness guide

To support local authorities in achieving GDPR compliance, the CNIL has produced an awareness guide available on its website.
Author: Cnil

Adopting the six good habits in your local authority

These 6 habits cover concepts or principles that may be useful to you in raising awareness among staff within your local authority.
Author: Cnil

3S-Smart CODESYS V3 up to 3.5.12.30 privilege escalation

A vulnerability, which was classified as critical, has been found in 3S-Smart CODESYS V3 up to 3.5.12.30. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

OpenDMARC up to 1.3.2/1.4.0-Beta1 Signature weak authentication

A vulnerability classified as critical was found in OpenDMARC up to 1.3.2/1.4.0-Beta1. This vulnerability affects an unknown function of the component Signature Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

OpenConnect up to 8.04 process_http_response memory corruption

A vulnerability classified as critical has been found in OpenConnect up to 8.04. This affects the function process_http_response. Upgrading to version 8.05 eliminates this vulnerability.
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Internal Endpoint information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). It has been rated as problematic. Affected by this issue is an unknown code block of the component Internal Endpoint. There is no...
Author: VulDB

Code42 Enterprise up to 6.7.5/6.8.8/7.0.0 File Upload Remote Code Execution

A vulnerability was found in Code42 Enterprise up to 6.7.5/6.8.8/7.0.0. It has been declared as critical. Affected by this vulnerability is an unknown code of the component File Upload. There is no information about possible countermeasures...
Author: VulDB

HRworks 1.16.1 Login URL Reflected cross site scripting

A vulnerability was found in HRworks 1.16.1. It has been classified as problematic. Affected is an unknown part of the component Login. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

ScoreMe Theme up to 2016-04-01 on WordPress cross site scripting

A vulnerability was found in ScoreMe Theme up to 2016-04-01 on WordPress and classified as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

music-store Plugin up to 1.0.42 on WordPress admin.php from_year cross site scripting

A vulnerability has been found in music-store Plugin up to 1.0.42 on WordPress and classified as problematic. This vulnerability affects an unknown functionality of the file wp-admin/admin.php?page=music-store-menu-reports. Upgrading to version...
Author: VulDB

imdb-widget Plugin up to 1.0.8 on WordPress Local File Inclusion privilege escalation

A vulnerability, which was classified as critical, was found in imdb-widget Plugin up to 1.0.8 on WordPress. This affects an unknown function. Upgrading to version 1.0.9 eliminates this vulnerability.
Author: VulDB

wp-cerber Plugin up to 2.6 on WordPress HTTP Header X-Forwarded-For cross site scripting

A vulnerability, which was classified as problematic, has been found in wp-cerber Plugin up to 2.6 on WordPress. Affected by this issue is some unknown processing of the component HTTP Header Handler. Upgrading to version 2.7 eliminates this...
Author: VulDB

leenkme Plugin up to 2.5.x on WordPress admin.php cross site request forgery

A vulnerability classified as problematic was found in leenkme Plugin up to 2.5.x on WordPress. Affected by this vulnerability is an unknown code block of the file wp-admin/admin.php?page=leenkme_facebook. Upgrading to version 2.6.0 eliminates...
Author: VulDB

leenkme Plugin up to 2.5.x on WordPress Stored cross site scripting

A vulnerability classified as problematic has been found in leenkme Plugin up to 2.5.x on WordPress. Affected is an unknown code. Upgrading to version 2.6.0 eliminates this vulnerability.
Author: VulDB

persian-woocommerce-sms Plugin up to 3.3.3 on WordPress ps_sms_numbers cross site scripting

A vulnerability was found in persian-woocommerce-sms Plugin up to 3.3.3 on WordPress. It has been rated as problematic. This issue affects an unknown part. Upgrading to version 3.3.4 eliminates this vulnerability.
Author: VulDB

tweet-wheel Plugin up to 1.0.3.2 on WordPress cross site scripting

A vulnerability was found in tweet-wheel Plugin up to 1.0.3.2 on WordPress. It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading to version 1.0.3.3 eliminates this vulnerability.
Author: VulDB

echosign Plugin up to 1.1 on WordPress add_templates.php id cross site scripting

A vulnerability was found in echosign Plugin up to 1.1 on WordPress. It has been classified as problematic. This affects an unknown functionality of the file templates/add_templates.php. Upgrading to version 1.2 eliminates this vulnerability.
Author: VulDB

echosign Plugin up to 1.1 on WordPress inc.php page cross site scripting

A vulnerability was found in echosign Plugin up to 1.1 on WordPress and classified as problematic. Affected by this issue is an unknown function of the file inc.php. Upgrading to version 1.2 eliminates this vulnerability.
Author: VulDB

ghost Plugin up to 0.5.5 on WordPress Access Control tools.php privilege escalation

A vulnerability has been found in ghost Plugin up to 0.5.5 on WordPress and classified as critical. Affected by this vulnerability is some unknown processing of the file wp-admin/tools.php?ghostexport=true of the component Access Control....
Author: VulDB

Information-security events

LES ASSISES

A major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
