Saturday 16 November 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

HuCart 5.7.4 helper_class.php get_ip() X-Forwarded-For sql injection

A vulnerability was found in HuCart 5.7.4. It has been classified as critical. This affects the function get_ip() of the file system/class/helper_class.php. The manipulation of the argument X-Forwarded-For as part of a HTTP Header leads to a sql...
Author: VulDB

Artifex Ghostscript up to 9.25 Access Restriction psi/zfjbig2.c memory corruption

A vulnerability classified as critical was found in Artifex Ghostscript up to 9.25. Affected by this vulnerability is an unknown function of the file psi/zfjbig2.c of the component Access Restriction. The manipulation with an unknown input leads...
Author: VulDB

Artifex Ghostscript up to 9.25 Access Restriction psi/zicc.c privilege escalation

A vulnerability classified as critical has been found in Artifex Ghostscript up to 9.25. Affected is an unknown function of the file psi/zicc.c of the component Access Restriction. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Artifex Ghostscript up to 9.25 Access Restriction psi/zdevice2.c privilege escalation

A vulnerability was found in Artifex Ghostscript up to 9.25. It has been rated as critical. This issue affects an unknown function of the file psi/zdevice2.c of the component Access Restriction. The manipulation with an unknown input leads to a...
Author: VulDB

BMC Remedy 7.1 Action Request System userdata.js privilege escalation

A vulnerability was found in BMC Remedy 7.1. It has been rated as critical. Affected by this issue is an unknown function of the file /WOI:WorkOrderConsole/Default+User+View+(Support)/userdata.js?winname=SERVERWOIWOI+WORKOrderConsole12345643244...
Author: VulDB

GDPR: what are the results 6 months after it came into application?

While 66% of French people say they are more sensitive than before to data protection, the CNIL continues to receive ever more individual or collective complaints, 6 months after the GDPR came into application.
Author: Cnil

webERP 4.15 CollectiveWorkOrderCost.php SearchParts sql injection

A vulnerability was found in webERP 4.15. It has been declared as critical. Affected by this vulnerability is an unknown function of the file CollectiveWorkOrderCost.php. The manipulation of the argument SearchParts as part of a Parameter leads...
Author: VulDB

webERP 4.15 SalesInquiry.php SortBy sql injection

A vulnerability was found in webERP 4.15. It has been classified as critical. Affected is an unknown function of the file SalesInquiry.php. The manipulation of the argument SortBy as part of a Parameter leads to a sql injection vulnerability....
Author: VulDB

webERP 4.15 General Ledger BankMatching.php AmtClear_ sql injection

A vulnerability was found in webERP 4.15 and classified as critical. This issue affects an unknown function of the file BankMatching.php of the component General Ledger. The manipulation of the argument AmtClear_ as part of a Parameter leads to...
Author: VulDB

ShowDoc 2.4.1 install/database.php lang/cur_lang cross site scripting

A vulnerability has been found in ShowDoc 2.4.1 and classified as problematic. This vulnerability affects an unknown function of the file install/database.php. The manipulation of the argument lang/cur_lang as part of a Parameter leads to a...
Author: VulDB

libsndfile 1.0.28 sndfile.c sf_write_int denial of service

A vulnerability, which was classified as problematic, was found in libsndfile 1.0.28. This affects the function sf_write_int of the file sndfile.c. The manipulation with an unknown input leads to a denial of service vulnerability (NULL Pointer...
Author: VulDB

UCMS 1.4.7 $_COOKIE['admin_'.cookiehash] privilege escalation

A vulnerability was found in UCMS 1.4.7. It has been rated as critical. Affected by this issue is an unknown function. The manipulation of the argument $_COOKIE['admin_'.cookiehash] with an unknown input leads to a privilege escalation...
Author: VulDB

Logicspice FAQ Script 2.9.7 admin/faqs/faqimages PHP File privilege escalation

A vulnerability classified as critical was found in Logicspice FAQ Script 2.9.7. This vulnerability affects an unknown function of the file admin/faqs/faqimages. The manipulation as part of a PHP File leads to a privilege escalation...
Author: VulDB

Tryton up to 5.0.0 Client bus.py weak encryption

A vulnerability classified as critical has been found in Tryton up to 5.0.0. This affects an unknown function of the file bus.py of the component Client. The manipulation with an unknown input leads to a weak encryption vulnerability...
Author: VulDB

Discuz! X3.4 admin.php statcode cross site scripting

A vulnerability was found in Discuz! X3.4 and classified as problematic. Affected by this issue is an unknown function of the file admin.php. The manipulation of the argument statcode with an unknown input leads to a cross site scripting...
Author: VulDB

Adult Filter 1.0 Black Domain List File memory corruption

A vulnerability, which was classified as critical, was found in Adult Filter 1.0. Affected is an unknown function of the component Black Domain List File Handler. The manipulation with an unknown input leads to a memory corruption vulnerability....
Author: VulDB

PHP Proxy 3.0.3 index.php information disclosure

A vulnerability, which was classified as problematic, has been found in PHP Proxy 3.0.3. This issue affects an unknown function of the file index.php?q=file://. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Z-BlogPHP up to 1.5.1 upload.php privilege escalation

A vulnerability has been found in Z-BlogPHP up to 1.5.1 and classified as critical. Affected by this vulnerability is an unknown function in the library zb_system/function/lib/upload.php. The manipulation with an unknown input leads to a...
Author: VulDB

CERTFR-2018-AVI-567: Vulnerability in the RedHat Linux kernel (21 November 2018)

A vulnerability has been discovered in the RedHat Linux kernel. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-566: Multiple vulnerabilities in Xen (21 November 2018)

Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-565: Multiple vulnerabilities in VMware vSphere Data Protection (21 November 2018)

Multiple vulnerabilities have been discovered in VMware vSphere Data Protection. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of...
Author: Cert FR

CERTFR-2018-AVI-564: Multiple vulnerabilities in Citrix XenServer (21 November 2018)

Multiple vulnerabilities have been discovered in Citrix XenServer. They allow an attacker to cause arbitrary code execution and a denial of service.

Author: Cert FR

Linux Kernel up to 4.19.2 System Call arch/x86/kvm/x86.c vcpu_scan_ioapic denial of service

A vulnerability was found in Linux Kernel up to 4.19.2. It has been declared as problematic. Affected by this vulnerability is the function vcpu_scan_ioapic of the file arch/x86/kvm/x86.c of the component System Call Handler. The manipulation ...
Author: VulDB

Linux Kernel up to 4.19.2 System Call arch/x86/kvm/lapic.c denial of service

A vulnerability was found in Linux Kernel up to 4.19.2. It has been classified as problematic. Affected is an unknown function of the file arch/x86/kvm/lapic.c of the component System Call Handler. The manipulation with an unknown input leads to...
Author: VulDB

YXcms 1.4.7 indexController.php ZIP Archive privilege escalation

A vulnerability was found in YXcms 1.4.7 and classified as critical. This issue affects an unknown function of the file protected/apps/appmanage/controller/indexController.php. The manipulation as part of a ZIP Archive leads to a privilege...
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
