Saturday 15 June 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GNOME gvfs up to 1.38.2/1.40.1/1.41.2 gvfsd daemon/gvfsdaemon.c Socket privilege escalation

A vulnerability, which was classified as critical, has been found in GNOME gvfs up to 1.38.2/1.40.1/1.41.2. This issue affects some unknown functionality of the file daemon/gvfsdaemon.c of the component gvfsd. The manipulation as part of a...
Author: VulDB

MISP 2.4.108 Password Reset privilege escalation

A vulnerability classified as problematic was found in MISP 2.4.108. This vulnerability affects an unknown functionality of the component Password Reset. The manipulation with an unknown input leads to a privilege escalation vulnerability. The...
Author: VulDB

Joomla CMS up to 3.9.6 Subform cross site scripting

A vulnerability classified as problematic has been found in Joomla CMS up to 3.9.6 (Content Management System). This affects an unknown function of the component Subform Handler. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Joomla CMS up to 3.9.6 com_actionslogs CSV Injection privilege escalation

A vulnerability was found in Joomla CMS up to 3.9.6 (Content Management System). It has been rated as critical. Affected by this issue is some unknown processing of the component com_actionslogs. The manipulation with an unknown input leads to a...
Author: VulDB

Joomla CMS up to 3.9.6 com_joomlaupdate privilege escalation

A vulnerability was found in Joomla CMS up to 3.9.6 (Content Management System). It has been declared as critical. Affected by this vulnerability is an unknown code block of the component com_joomlaupdate. The manipulation with an unknown input...
Author: VulDB

dbus up to 1.10.27/1.12.15/1.13.11 /.dbus-keyrings privilege escalation

A vulnerability was found in dbus up to 1.10.27/1.12.15/1.13.11. It has been classified as critical. Affected is an unknown code of the file /.dbus-keyrings. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

RealObjects PDFreactor up to 10.1 XML Parser XML External Entity

A vulnerability was found in RealObjects PDFreactor up to 10.1 (JavaScript Library) and classified as critical. This issue affects an unknown part of the component XML Parser. The manipulation with an unknown input leads to a privilege...
Author: VulDB

RealObjects PDFreactor up to 10.1 HTML Parser HTML Content Server-Side Request Forgery

A vulnerability has been found in RealObjects PDFreactor up to 10.1 (JavaScript Library) and classified as critical. This vulnerability affects some unknown functionality of the component HTML Parser. The manipulation as part of an HTML Content...
Author: VulDB

SilverStripe restfulserver Module/registry Module sql injection

A vulnerability, which was classified as critical, was found in SilverStripe restfulserver Module and registry Module (Content Management System) (the affected version unknown). This affects an unknown functionality. The manipulation with an...
Author: VulDB

Ipswitch WS_FTP Server up to 8.6.0 SSHServerAPI.dll directory traversal

A vulnerability, which was classified as critical, has been found in Ipswitch WS_FTP Server up to 8.6.0 (File Transfer Software). Affected by this issue is an unknown function in the library SSHServerAPI.dll. The manipulation with an unknown...
Author: VulDB

Ipswitch WS_FTP Server up to 8.6.0 SSHServerAPI.dll directory traversal

A vulnerability classified as critical was found in Ipswitch WS_FTP Server up to 8.6.0 (File Transfer Software). Affected by this vulnerability is some unknown processing in the library SSHServerAPI.dll. The manipulation with an unknown input...
Author: VulDB

Ipswitch WS_FTP Server up to 8.6.0 SSHServerAPI.dll SITE Command directory traversal

A vulnerability classified as critical has been found in Ipswitch WS_FTP Server up to 8.6.0 (File Transfer Software). Affected is an unknown code block in the library SSHServerAPI.dll. The manipulation as part of a SITE Command leads to a...
Author: VulDB

Ipswitch WS_FTP Server up to 8.6.0 SSHServerAPI.dll directory traversal

A vulnerability was found in Ipswitch WS_FTP Server up to 8.6.0 (File Transfer Software). It has been rated as critical. This issue affects an unknown code in the library SSHServerAPI.dll. The manipulation with an unknown input leads to a...
Author: VulDB

Tzumi Electronics Klic Lock 1.0.9 POST Request weak authentication

A vulnerability was found in Tzumi Electronics Klic Lock 1.0.9. It has been declared as problematic. This vulnerability affects an unknown part. The manipulation as part of a POST Request leads to a weak authentication vulnerability. The CWE...
Author: VulDB

JX Resources Plugin up to 1.0.36 on Jenkins Permission Check privilege escalation

A vulnerability was found in JX Resources Plugin up to 1.0.36 on Jenkins (Jenkins Plugin). It has been classified as critical. This affects some unknown functionality of the component Permission Check. The manipulation with an unknown input...
Author: VulDB

JX Resources Plugin up to 1.0.36 on Jenkins cross site request forgery

A vulnerability was found in JX Resources Plugin up to 1.0.36 on Jenkins (Jenkins Plugin) and classified as critical. Affected by this issue is an unknown functionality. The manipulation with an unknown input leads to a cross site request...
Author: VulDB

Token Macro Plugin up to 2.7 on Jenkins XML Data Request XML External Entity

A vulnerability has been found in Token Macro Plugin up to 2.7 on Jenkins (Jenkins Plugin) and classified as critical. Affected by this vulnerability is an unknown function of the component XML Data Handler. The manipulation as part of a Request...
Author: VulDB

ElectricFlow Plugin up to 1.1.6 on Jenkins API Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in ElectricFlow Plugin up to 1.1.6 on Jenkins (Jenkins Plugin). Affected is some unknown processing of the component API. The manipulation with an unknown input leads to a cross...
Author: VulDB

ElectricFlow Plugin up to 1.1.5 on Jenkins API Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in ElectricFlow Plugin up to 1.1.5 on Jenkins (Jenkins Plugin). This issue affects an unknown code block of the component API. The manipulation with an unknown input leads to a...
Author: VulDB

ElectricFlow Plugin up to 1.1.5 on Jenkins TLS privilege escalation

A vulnerability classified as critical was found in ElectricFlow Plugin up to 1.1.5 on Jenkins (Jenkins Plugin). This vulnerability affects an unknown code of the component TLS Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

ElectricFlow Plugin up to 1.1.5 on Jenkins Permission Check privilege escalation

A vulnerability classified as critical has been found in ElectricFlow Plugin up to 1.1.5 on Jenkins (Jenkins Plugin). This affects an unknown part of the component Permission Check. The manipulation with an unknown input leads to a privilege...
Author: VulDB

ElectricFlow Plugin up to 1.1.5 on Jenkins Permission Check privilege escalation

A vulnerability was found in ElectricFlow Plugin up to 1.1.5 on Jenkins (Jenkins Plugin). It has been rated as critical. Affected by this issue is some unknown functionality of the component Permission Check. The manipulation with an unknown...
Author: VulDB

ElectricFlow Plugin up to 1.1.5 on Jenkins cross site request forgery

A vulnerability was found in ElectricFlow Plugin up to 1.1.5 on Jenkins (Jenkins Plugin). It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a cross...
Author: VulDB

Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability

A vulnerability was found in Apache HTTP Server up to 2.4.38 (Web Server). It has been classified as critical. Affected is an unknown function of the component Slash Handler. The manipulation as part of a Regular Expression leads to an unknown...
Author: VulDB

Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service

A vulnerability was found in Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 (Web Server) and classified as problematic. This issue affects some unknown processing of the component HTTP2 Handler. The manipulation as part of a Request leads...
Author: VulDB

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organised by Sysdream.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

Presentation by the organiser

A look back at Les Assises 2018

The 18th edition of Les Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, Les Assises are positioned more than ever as the must-attend gathering for all cybersecurity professionals. Like the market, which keeps evolving, Les Assises adapt their offering to best meet the sector's expectations. Accordingly, this edition sought to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
