Thursday 19 September 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

xtimor NMEA Library 0.5.3 parser.c nmea_parse() memory corruption

A vulnerability, which was classified as critical, has been found in xtimor NMEA Library 0.5.3. Affected by this issue is the function nmea_parse() of the file parser.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

PolyAI mintToken Smart Contract privilege escalation

A vulnerability was found in PolyAI (the affected version is unknown). It has been rated as critical. This issue affects the function mintToken. The manipulation as part of a Smart Contract leads to a privilege escalation vulnerability (Integer...
Author: VulDB

LimeSurvey 3.14.7 surveyls_title cross site scripting

A vulnerability was found in LimeSurvey 3.14.7. It has been declared as problematic. This vulnerability affects an unknown function of the file /index.php?r=admin/survey/sa/insert. The manipulation of the argument surveyls_title as part of a...
Author: VulDB

Ricoh MP 2001 adrsSetUserWizard.cgi entryNameIn cross site scripting

A vulnerability was found in Ricoh MP 2001 (the affected version is unknown). It has been classified as problematic. This affects an unknown function of the file /web/entry/en/address/adrsSetUserWizard.cgi. The manipulation of the argument...
Author: VulDB

Zoho ManageEngine SupportCenter Plus 8.1.0 /ServiceContractDef.do contractName cross site scripting

A vulnerability has been found in Zoho ManageEngine SupportCenter Plus 8.1.0 and classified as problematic. Affected by this vulnerability is an unknown function of the file /ServiceContractDef.do. The manipulation of the argument contractName...
Author: VulDB

Zoho ManageEngine Desktop Central 10.0.271 Features & Articles advsearch.do Request cross site scripting

A vulnerability, which was classified as problematic, was found in Zoho ManageEngine Desktop Central 10.0.271. Affected is an unknown function of the file /advsearch.do?SUBREQUEST=XMLHTTP of the component Features & Articles. The manipulation as...
Author: VulDB

SeaCMS 6.64 admin_video.php order sql injection

A vulnerability, which was classified as critical, has been found in SeaCMS 6.64. This issue affects an unknown function of the file upload/admin/admin_video.php. The manipulation of the argument order as part of a Parameter leads to a sql...
Author: VulDB

SeaCMS 6.64 admin_template.php path information disclosure

A vulnerability classified as problematic was found in SeaCMS 6.64. This vulnerability affects an unknown function of the file upload/admin/admin_template.php. The manipulation of the argument path with an unknown input leads to an information...
Author: VulDB

Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx username Server-Side Request Forgery

A vulnerability classified as critical has been found in Microsoft Exchange Server up to 2010 SP3. This affects an unknown function of the file /owa/auth/logon.aspx of the component Outlook Web Access. The manipulation of the argument username...
Author: VulDB

DeDeCMS 5.7 /plus/feedback_ajax.php msg cross site scripting

A vulnerability was found in DeDeCMS 5.7. It has been rated as problematic. Affected by this issue is an unknown function of the file /plus/feedback_ajax.php. The manipulation of the argument msg with an unknown input leads to a cross site...
Author: VulDB

DeDeCMS 5.7 SP2 name Code Execution

A vulnerability was found in DeDeCMS 5.7 SP2. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument name with the input value ../ leads to a privilege escalation vulnerability...
Author: VulDB

DIESER Profields - Project Custom Fields up to 6.0.1 on Jira Access Control privilege escalation

A vulnerability was found in DIESER Profields - Project Custom Fields up to 6.0.1 on Jira and classified as critical. This issue affects an unknown function of the component Access Control. The manipulation with an unknown input leads to a...
Author: VulDB

Avaya Aura Orchestration Designer 7.2.1 Runtime Config cross site scripting

A vulnerability has been found in Avaya Aura Orchestration Designer 7.2.1 and classified as problematic. This vulnerability affects an unknown function of the component Runtime Config. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Avaya Aura Orchestration Designer 7.2.1 Runtime Config cross site request forgery

A vulnerability, which was classified as problematic, was found in Avaya Aura Orchestration Designer 7.2.1. This affects an unknown function of the component Runtime Config. The manipulation with an unknown input leads to a cross site request...
Author: VulDB

Vectra Cognito Brain/Cognito Sensor up to 4.1 Web Management Console cross site scripting

A vulnerability classified as problematic was found in Vectra Cognito Brain and Cognito Sensor up to 4.1. Affected by this vulnerability is an unknown function of the component Web Management Console. The manipulation with an unknown input leads...
Author: VulDB

webpack-dev-server up to 3.1.5 WebSocket Server lib/Server.js Request information disclosure

A vulnerability was found in webpack-dev-server up to 3.1.5. It has been rated as problematic. This issue affects an unknown function in the library lib/Server.js of the component WebSocket Server. The manipulation as part of a Request leads to...
Author: VulDB

Parcel parcel-bundler WebSocket Server HMRServer.js Request information disclosure

A vulnerability was found in Parcel parcel-bundler (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown function of the file HMRServer.js of the component WebSocket Server. The manipulation...
Author: VulDB

Browserify-HMR WebSocket Server Request Code information disclosure

A vulnerability was found in Browserify-HMR (the affected version is unknown). It has been classified as problematic. This affects an unknown function of the component WebSocket Server. The manipulation as part of a Request leads to a...
Author: VulDB

SubSonic 6.1.1 tagService.setTags.dwr c0-param2/c0-param3/c0-param4 cross site scripting

A vulnerability was found in SubSonic 6.1.1 and classified as problematic. Affected by this issue is an unknown function of the file dwr/call/plaincall/tagService.setTags.dwr. The manipulation of the argument c0-param2/c0-param3/c0-param4 as...
Author: VulDB

SubSonic 6.1.1 General Settings Stored cross site scripting

A vulnerability has been found in SubSonic 6.1.1 and classified as problematic. Affected by this vulnerability is an unknown function of the component General Settings. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

SubSonic 6.1.1 Transcoding Setting name/sourceformats/targetFormat/step1/step2 Stored cross site scripting

A vulnerability, which was classified as problematic, was found in SubSonic 6.1.1. Affected is an unknown function of the component Transcoding Setting Handler. The manipulation of the argument name/sourceformats/targetFormat/step1/step2 as part...
Author: VulDB

SubSonic 6.1.1 internetRadioSettings.view name/streamUrl/homepageUrl cross site scripting

A vulnerability, which was classified as problematic, has been found in SubSonic 6.1.1. This issue affects an unknown function of the file internetRadioSettings.view. The manipulation of the argument name/streamUrl/homepageUrl as part of a...
Author: VulDB

Wanscam HW0021 ONVIF Service POST Request Crash denial of service

A vulnerability classified as problematic was found in Wanscam HW0021 (the affected version is unknown). This vulnerability affects an unknown function of the component ONVIF Service. The manipulation as part of a POST Request leads to a denial...
Author: VulDB

Substratum mintToken Smart Contract privilege escalation

A vulnerability classified as critical has been found in Substratum (the affected version is unknown). This affects the function mintToken. The manipulation as part of a Smart Contract leads to a privilege escalation vulnerability (Integer...
Author: VulDB

Intel Core Processor Platform Sample Code Firmware privilege escalation

A vulnerability was found in Intel Core Processor (the affected version is unknown). It has been rated as critical. Affected by this issue is an unknown function of the component Platform Sample Code Firmware. The manipulation with an unknown...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
