Monday 14 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

history-collection Plugin up to 1.1.1 on WordPress download.php var directory traversal

A vulnerability classified as critical has been found in history-collection Plugin up to 1.1.1 on WordPress (WordPress Plugin). Affected is an unknown code block of the file download.php. There is no information about possible countermeasures...
Author: VulDB

content-grabber Plugin 1.0 on WordPress obj_field_name/obj_field_id cross site scripting

A vulnerability was found in content-grabber Plugin 1.0 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

broken-link-manager Plugin 0.4.5 on WordPress delURL page cross site scripting

A vulnerability was found in broken-link-manager Plugin 0.4.5 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects the function delURL. There is no information about possible countermeasures known. It...
Author: VulDB

broken-link-manager Plugin up to 0.4.x on WordPress wpslDelURL/wpslEditURL url sql injection

A vulnerability was found in broken-link-manager Plugin up to 0.4.x on WordPress (WordPress Plugin). It has been classified as critical. This affects the function wpslDelURL/wpslEditURL. Upgrading to version 0.5.0 eliminates this vulnerability.
Author: VulDB

wti-like-post Plugin up to 1.4.2 on WordPress WtiLikePostProcessVote Variable sql injection

A vulnerability was found in wti-like-post Plugin up to 1.4.2 on WordPress and classified as critical. Affected by this issue is the function WtiLikePostProcessVote. Upgrading to version 1.4.3 eliminates this vulnerability.
Author: VulDB

yet-another-stars-rating Plugin up to 0.9.0 on WordPress yasr_get_multi_set_values_and_field set_id sql injection

A vulnerability has been found in yet-another-stars-rating Plugin up to 0.9.0 on WordPress and classified as critical. Affected by this vulnerability is the function yasr_get_multi_set_values_and_field. Upgrading to version 0.9.1 eliminates this...
Author: VulDB

s3bubble-amazon-s3-html-5-video-with-adverts Plugin 0.7 downloader.php path directory traversal

A vulnerability, which was classified as critical, was found in s3bubble-amazon-s3-html-5-video-with-adverts Plugin 0.7. Affected is some unknown processing of the file adverts/assets/plugins/ultimate/content/downloader.php. There is no...
Author: VulDB

s3bubble-amazon-s3-audio-streaming Plugin 2.0 on WordPress downloader.php path directory traversal

A vulnerability, which was classified as critical, has been found in s3bubble-amazon-s3-audio-streaming Plugin 2.0 on WordPress. This issue affects an unknown code block of the file adverts/assets/plugins/ultimate/content/downloader.php. There is...
Author: VulDB

Portfolio Plugin up to 1.8 on WordPress afp_get_new_category_page cat_id sql injection

A vulnerability classified as critical was found in Portfolio Plugin up to 1.8 on WordPress. This vulnerability affects the function afp_get_new_category_page of the component Plugin. Upgrading to version 1.9 eliminates this vulnerability.
Author: VulDB

Portfolio Plugin up to 1.8 on WordPress afp_get_new_portfolio_item_page item_id sql injection

A vulnerability classified as critical has been found in Portfolio Plugin up to 1.8 on WordPress. This affects the function afp_get_new_portfolio_item_page. Upgrading to version 1.9 eliminates this vulnerability.
Author: VulDB

booking-system Plugin up to 2.0 on WordPress display language sql injection

A vulnerability was found in booking-system Plugin up to 2.0 on WordPress. It has been rated as critical. Affected by this issue is the function DOPBSPBackEndTranslation::display. Upgrading to version 2.1 eliminates this vulnerability.
Author: VulDB

searchterms-tagging-2 Plugin up to 1.535 on WordPress options-general.php count cross site scripting

A vulnerability was found in searchterms-tagging-2 Plugin up to 1.535 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file wp-admin/options-general.php. There is no information...
Author: VulDB

searchterms-tagging-2 Plugin up to 1.535 on WordPress pk_stt2_db_get_popular_terms count cross site request forgery

A vulnerability was found in searchterms-tagging-2 Plugin up to 1.535 on WordPress. It has been classified as problematic. Affected is the function pk_stt2_db_get_popular_terms. There is no information about possible countermeasures known. It may...
Author: VulDB

pretty-link Plugin up to 1.6.7 on WordPress list_links group sql injection

A vulnerability was found in pretty-link Plugin up to 1.6.7 on WordPress and classified as critical. This issue affects the function PrliLinksController::list_links. Upgrading to version 1.6.8 eliminates this vulnerability.
Author: VulDB

FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

Original release date: October 10, 2019. In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides...
Author: US Cert

ACSC Releases Small Business Cybersecurity Guide

Original release date: October 10, 2019. The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide for small businesses. The guide provides checklists to help small business protect themselves against common cybersecurity...
Author: US Cert

Juniper Networks Releases Security Updates

Original release date: October 10, 2019. Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

CERTFR-2019-AVI-500: Multiple vulnerabilities in Juniper products (10 October 2019)

Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and an integrity compromise...
Author: Cert FR

Redmine up to 3.4.10/4.0.3 Textile Persistent cross site scripting

A vulnerability has been found in Redmine up to 3.4.10/4.0.3 (Project Management Software) and classified as problematic. This vulnerability affects an unknown code block of the component Textile Handler. Upgrading to version 3.4.11 or 4.0.4...
Author: VulDB

Automattic Mongoose up to 5.7.4 Access Control privilege escalation

A vulnerability, which was classified as critical, was found in Automattic Mongoose up to 5.7.4. This affects an unknown code of the component Access Control. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OISF libhtp up to 0.5.30 HTTP Protocol Parser Bypass privilege escalation

A vulnerability, which was classified as critical, has been found in OISF libhtp up to 0.5.30. Affected by this issue is an unknown part of the component HTTP Protocol Parser. Upgrading to version 0.5.31 eliminates this vulnerability.
Author: VulDB

MetInfo 7.0 id sql injection

A vulnerability classified as critical was found in MetInfo 7.0 (Content Management System). Affected by this vulnerability is some unknown functionality of the file admin/?n=user&c=admin_user&a=doGetUserInfo. There is no information about...
Author: VulDB

MetInfo 7.0 appno sql injection

A vulnerability classified as critical has been found in MetInfo 7.0 (Content Management System). Affected is an unknown functionality of the file admin/?n=language&c=language_general&a=doSearchParameter. There is no information about possible...
Author: VulDB

PbootCMS 2.0.2 cross site scripting [CVE-2019-17417]

A vulnerability was found in PbootCMS 2.0.2. It has been rated as problematic. This issue affects an unknown function of the file Pboot/admin.php?p=/Single/index/mcode/1. There is no information about possible countermeasures known. It may be...
Author: VulDB

iTerm2 up to 3.3.5 tmux Control Mode privilege escalation

A vulnerability was found in iTerm2 up to 3.3.5. It has been declared as critical. This vulnerability affects some unknown processing of the component tmux Control Mode Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
