Tuesday 16 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CyberPower PowerPanel Business Edition 3.4.0 Agent/Center POST Request cross site request forgery

A vulnerability, which was classified as problematic, has been found in CyberPower PowerPanel Business Edition 3.4.0. Affected by this issue is an unknown functionality of the component Agent/Center. The manipulation as part of a POST Request...
Author: VulDB

Hunesion i-oneNet up to 3.0.53/4.0.16 Integrity Check Update privilege escalation

A vulnerability classified as critical was found in Hunesion i-oneNet up to 3.0.53/4.0.16. Affected by this vulnerability is an unknown function of the component Integrity Check. The manipulation as part of an Update leads to a privilege...
Author: VulDB

Hunesion i-oneNet up to 3.0.53/4.0.16 Upload Web Module Code Execution

A vulnerability classified as critical has been found in Hunesion i-oneNet up to 3.0.53/4.0.16. Affected is some unknown processing of the component Upload Web Module. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Teclib News Plugin up to 1.5.2 on GLPI $_POST['name'] Stored cross site scripting

A vulnerability was found in Teclib News Plugin up to 1.5.2 on GLPI. It has been rated as problematic. This issue affects an unknown code block. The manipulation of the argument $_POST['name'] as part of a Parameter leads to a cross site...
Author: VulDB

Teclib Fields Plugin up to 1.9.2 on GLPI ajax/reorder.php container_id/old_order sql injection

A vulnerability was found in Teclib Fields Plugin up to 1.9.2 on GLPI. It has been declared as critical. This vulnerability affects an unknown code of the file ajax/reorder.php. The manipulation of the argument container_id/old_order as part of...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 API information disclosure

A vulnerability was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System). It has been classified as problematic. This affects an unknown part of the component API. The manipulation with an unknown input...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 API denial of service

A vulnerability was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System) and classified as problematic. Affected by this issue is some unknown functionality of the component API. The manipulation with an...
Author: VulDB

CERTFR-2019-AVI-327: Multiple vulnerabilities in Cisco ASA and FTD (11 July 2019)

Multiple vulnerabilities have been discovered in Cisco ASA and FTD. They allow an attacker to cause a remote denial of service.

Author: Cert FR

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 Access Control $wgBlockCIDRLimit privilege escalation

A vulnerability has been found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System) and classified as critical. Affected by this vulnerability is an unknown functionality of the component Access Control. The...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 cross site scripting

A vulnerability, which was classified as problematic, was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System). Affected is an unknown function. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 RevisionDelete Page information disclosure

A vulnerability, which was classified as problematic, has been found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System). This issue affects some unknown processing of the component RevisionDelete Page. The...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 Special:EditTags Username information disclosure

A vulnerability classified as problematic was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System). This vulnerability affects an unknown code block of the component Special:EditTags. The manipulation with...
Author: VulDB

Wikimedia MediaWiki up to 1.32.1 Special:ChangeEmail weak authentication

A vulnerability classified as critical has been found in Wikimedia MediaWiki up to 1.32.1 (Content Management System). This affects an unknown code of the component Special:ChangeEmail. The manipulation with an unknown input leads to a weak...
Author: VulDB

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 Special:ChangeEmail Spam privilege escalation

A vulnerability was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System). It has been rated as critical. Affected by this issue is an unknown part of the component Special:ChangeEmail. The manipulation with...
Author: VulDB

Wikimedia MediaWiki up to 1.32.1 cross site request forgery [CVE-2019-12466]

A vulnerability was found in Wikimedia MediaWiki up to 1.32.1 (Content Management System). It has been declared as problematic. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a cross...
Author: VulDB

CERTFR-2019-AVI-326: Multiple vulnerabilities in the SUSE Linux kernel (11 July 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

NetIQ Advanced Authentication Framework up to 5.x Man-in-the-Middle weak encryption

A vulnerability was found in NetIQ Advanced Authentication Framework up to 5.x. It has been classified as critical. Affected is an unknown functionality. The manipulation with an unknown input leads to a weak encryption vulnerability...
Author: VulDB

GE Aespire 7900 privilege escalation [CVE-2019-10966]

A vulnerability was found in GE Aestiva 7100, Aestiva 7900, Aespire 7100 and Aespire 7900 (unknown version) and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege...
Author: VulDB

CERTFR-2019-AVI-325: Multiple vulnerabilities in Juniper products (11 July 2019)

Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the...
Author: Cert FR

Hsycms 1.1 /news/*.html sql injection

A vulnerability has been found in Hsycms 1.1 and classified as critical. This vulnerability affects some unknown processing of the file /news/*.html. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 ReGa ise GmbH HTTP-Server Code Execution memory corruption

A vulnerability, which was classified as critical, was found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version unknown). This affects an unknown code block of the component ReGa ise GmbH HTTP-Server. The manipulation with an...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Authorization Session information disclosure

A vulnerability, which was classified as problematic, has been found in eQ-3 Homematic CCU2 and Homematic CCU3 (affected version not known). Affected by this issue is an unknown code of the component Authorization. The manipulation with an...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Session ID weak authentication

A vulnerability classified as critical was found in eQ-3 Homematic CCU2 and Homematic CCU3 (affected version unknown). Affected by this vulnerability is an unknown part of the component Session ID Handler. The manipulation with an unknown input...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Authorization privilege escalation

A vulnerability classified as critical has been found in eQ-3 Homematic CCU2 and Homematic CCU3 (version unknown). Affected is some unknown functionality of the component Authorization. The manipulation with an unknown input leads to a privilege...
Author: VulDB

SAP Diagnostic Agent 7.2 OS Command Plugin Code Injection privilege escalation

A vulnerability was found in SAP Diagnostic Agent 7.2. It has been rated as critical. This issue affects an unknown functionality of the component OS Command Plugin. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organised by UBM.

Presentation by the organiser

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

Presentation by the organiser

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises position themselves more than ever as the essential gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition accordingly set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
