Sunday 26 January 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US-CERT, CERT-EU, CERT-FR, CNIL, VulDB.

Lobby Track Desktop Kiosk Mode Sample Database.mdb privilege escalation

A vulnerability was found in Lobby Track Desktop and classified as critical. Affected by this issue is a part of the file Sample Database.mdb of the component Kiosk Mode. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Lobby Track Desktop Kiosk Mode User information disclosure

A vulnerability has been found in Lobby Track Desktop and classified as problematic. Affected by this vulnerability is a functionality of the component Kiosk Mode. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Microweber 1.0.8 Reflected cross site scripting

A vulnerability classified as problematic was found in Microweber 1.0.8. This vulnerability affects the functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability (Reflected). The CWE definition for the...
Author: VulDB

Qt 5.11 PPM Image qppmhandler.cpp denial of service

A vulnerability classified as problematic has been found in Qt 5.11. This affects an unknown function of the file qppmhandler.cpp of the component PPM Image Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Kentix MultiSensor-LAN up to 5.63.00 weak authentication [CVE-2018-19783]

A vulnerability was found in Kentix MultiSensor-LAN up to 5.63.00. It has been rated as critical. Affected by this issue is some processing. The manipulation with an unknown input leads to a weak authentication vulnerability. Using CWE to...
Author: VulDB

HMS Industrial Networks Netbiter WS100 up to 3.30.5 Login Form Reflected cross site scripting

A vulnerability was found in HMS Industrial Networks Netbiter WS100 up to 3.30.5. It has been declared as problematic. Affected by this vulnerability is a code block of the component Login Form. The manipulation with an unknown input leads to a...
Author: VulDB

Systrome ISG-600C/ISG-600H/ISG-800W 1.1-R2.1_TRUNK-20180914.bin /ui/ cross site request forgery

A vulnerability was found in Systrome ISG-600C, ISG-600H and ISG-800W 1.1-R2.1_TRUNK-20180914.bin. It has been classified as problematic. Affected is code of the file /ui/?g=obj_keywords_add. The manipulation with an unknown input leads to a...
Author: VulDB

Shenzhen Skyworth DT741/DT721-cb/DT741-cb Web_passwd Long Password Remote Code Execution

A vulnerability was found in Shenzhen Skyworth DT741, DT721-cb and DT741-cb and classified as critical. This issue affects the function Web_passwd. The manipulation as part of a Long Password leads to a privilege escalation vulnerability (Code...
Author: VulDB

Webgalamb up to 7.0 system/ajax.php bgsend/atment_sddd1xGz/xls_bgimport privilege escalation

A vulnerability has been found in Webgalamb up to 7.0 and classified as critical. This vulnerability affects a functionality of the file system/ajax.php. The manipulation of the argument bgsend/atment_sddd1xGz/xls_bgimport as part of a Parameter...
Author: VulDB

Webgalamb up to 7.0 CSV File subscriber.php eval() Remote Code Execution

A vulnerability, which was classified as critical, was found in Webgalamb up to 7.0. This affects the function eval() of the file subscriber.php of the component CSV File Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Webgalamb up to 7.0 Log File YYYY-MM-DD-sql_error_log.log information disclosure

A vulnerability, which was classified as problematic, has been found in Webgalamb up to 7.0. Affected by this issue is some functionality of the file files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log of the component Log File. The...
Author: VulDB

Webgalamb up to 7.0 system/ajax.php directory traversal

A vulnerability classified as critical was found in Webgalamb up to 7.0. Affected by this vulnerability is the functionality of the file system/ajax.php. The manipulation with an unknown input leads to a directory traversal vulnerability (PHP...
Author: VulDB

Webgalamb 7.0 wg7.php wg7php?options=1 cross site request forgery

A vulnerability classified as problematic has been found in Webgalamb 7.0. Affected is an unknown function of the file wg7.php. The manipulation of the argument wg7php?options=1 with an unknown input leads to a cross site request forgery...
Author: VulDB

Webgalamb up to 7.0 HTTP Header subscriber.php Client-IP sql injection

A vulnerability was found in Webgalamb up to 7.0. It has been rated as critical. This issue affects some processing of the file subscriber.php of the component HTTP Header Handler. The manipulation of the argument Client-IP with an unknown input...
Author: VulDB

Webgalamb 7.0 Templating Engine wg7.php htmlspecialchars() cross site scripting

A vulnerability was found in Webgalamb 7.0. It has been declared as problematic. This vulnerability affects the function htmlspecialchars() of the file wg7.php of the component Templating Engine. The manipulation with an unknown input leads to a...
Author: VulDB

Simplenia Pages Plugin 2.6.0 on Atlassian Bitbucket Server cross site scripting

A vulnerability was found in Simplenia Pages Plugin 2.6.0 on Atlassian Bitbucket Server. It has been classified as problematic. This affects code. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

WP-jobhunt Plugin up to 2.4 on WordPress AJAX Request admin-ajax.php cs_reset_pass() privilege escalation

A vulnerability was found in WP-jobhunt Plugin up to 2.4 on WordPress (WordPress Plugin) and classified as critical. Affected by this issue is the function cs_reset_pass() of the file admin-ajax.php of the component AJAX Request Handler. The...
Author: VulDB

WP-jobhunt Plugin up to 2.4 on WordPress AJAX Request admin-ajax.php cs_employer_ajax_profile() information disclosure

A vulnerability has been found in WP-jobhunt Plugin up to 2.4 on WordPress (WordPress Plugin) and classified as problematic. Affected by this vulnerability is the function cs_employer_ajax_profile() of the file admin-ajax.php of the component...
Author: VulDB

Wowza Streaming Engine 4.7.4.01 REST API HTTP Request directory traversal

A vulnerability, which was classified as critical, was found in Wowza Streaming Engine 4.7.4.01. Affected is a function of the component REST API. The manipulation as part of an HTTP Request leads to a directory traversal vulnerability. CWE is...
Author: VulDB

OpenMRS up to 2.23.x Deserialization XML Data privilege escalation

A vulnerability, which was classified as critical, has been found in OpenMRS up to 2.23.x. This issue affects some functionality of the component Deserialization. The manipulation as part of an XML Data leads to a privilege escalation...
Author: VulDB

Webmin 1.890 /config.cgi Parameter cross site scripting

A vulnerability classified as problematic was found in Webmin 1.890 (Software Management Software). This vulnerability affects the functionality of the file /config.cgi?webmin. The manipulation as part of a Parameter leads to a cross site...
Author: VulDB

ColossusCoinXT up to 1.0.5 denial of service [CVE-2018-19158]

A vulnerability classified as problematic has been found in ColossusCoinXT up to 1.0.5. This affects an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-20....
Author: VulDB

Best Practical Request Tracker 4.1.x/4.2.x/4.3.x/4.4 email-ingestion denial of service

A vulnerability was found in Best Practical Request Tracker 4.1.x/4.2.x/4.3.x/4.4 (Ticket Tracking Software). It has been rated as problematic. Affected by this issue is some processing of the component email-ingestion. The manipulation with an...
Author: VulDB

ControlByWeb X-320M-I 1.05 Web Interface setup.html cross site scripting

A vulnerability was found in ControlByWeb X-320M-I 1.05. It has been declared as problematic. Affected by this vulnerability is a code block of the file setup.html of the component Web Interface. The manipulation with an unknown input leads to a...
Author: VulDB

ControlByWeb X-320M-I 1.05 TCP denial of service

A vulnerability was found in ControlByWeb X-320M-I 1.05. It has been classified as critical. Affected is code of the component TCP Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the...
Author: VulDB

Information security events

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. It is organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
