Sunday 22 September 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Code42 Enterprise up to 6.7.5/6.8.8/7.0.0 File Upload Remote Code Execution

A vulnerability was found in Code42 Enterprise up to 6.7.5/6.8.8/7.0.0. It has been declared as critical. Affected by this vulnerability is an unknown code of the component File Upload. There is no information about possible countermeasures...
Author: VulDB

HRworks 1.16.1 Login URL Reflected cross site scripting

A vulnerability was found in HRworks 1.16.1. It has been classified as problematic. Affected is an unknown part of the component Login. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

ScoreMe Theme up to 2016-04-01 on WordPress cross site scripting

A vulnerability was found in ScoreMe Theme up to 2016-04-01 on WordPress and classified as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

music-store Plugin up to 1.0.42 on WordPress admin.php from_year cross site scripting

A vulnerability has been found in music-store Plugin up to 1.0.42 on WordPress and classified as problematic. This vulnerability affects an unknown functionality of the file wp-admin/admin.php?page=music-store-menu-reports. Upgrading to version...
Author: VulDB

imdb-widget Plugin up to 1.0.8 on WordPress Local File Inclusion privilege escalation

A vulnerability, which was classified as critical, was found in imdb-widget Plugin up to 1.0.8 on WordPress. This affects an unknown function. Upgrading to version 1.0.9 eliminates this vulnerability.
Author: VulDB

wp-cerber Plugin up to 2.6 on WordPress HTTP Header X-Forwarded-For cross site scripting

A vulnerability, which was classified as problematic, has been found in wp-cerber Plugin up to 2.6 on WordPress. Affected by this issue is some unknown processing of the component HTTP Header Handler. Upgrading to version 2.7 eliminates this...
Author: VulDB

leenkme Plugin up to 2.5.x on WordPress admin.php cross site request forgery

A vulnerability classified as problematic was found in leenkme Plugin up to 2.5.x on WordPress. Affected by this vulnerability is an unknown code block of the file wp-admin/admin.php?page=leenkme_facebook. Upgrading to version 2.6.0 eliminates...
Author: VulDB

leenkme Plugin up to 2.5.x on WordPress Stored cross site scripting

A vulnerability classified as problematic has been found in leenkme Plugin up to 2.5.x on WordPress. Affected is an unknown code. Upgrading to version 2.6.0 eliminates this vulnerability.
Author: VulDB

persian-woocommerce-sms Plugin up to 3.3.3 on WordPress ps_sms_numbers cross site scripting

A vulnerability was found in persian-woocommerce-sms Plugin up to 3.3.3 on WordPress. It has been rated as problematic. This issue affects an unknown part. Upgrading to version 3.3.4 eliminates this vulnerability.
Author: VulDB

tweet-wheel Plugin up to 1.0.3.2 on WordPress cross site scripting

A vulnerability was found in tweet-wheel Plugin up to 1.0.3.2 on WordPress. It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading to version 1.0.3.3 eliminates this vulnerability.
Author: VulDB

echosign Plugin up to 1.1 on WordPress add_templates.php id cross site scripting

A vulnerability was found in echosign Plugin up to 1.1 on WordPress. It has been classified as problematic. This affects an unknown functionality of the file templates/add_templates.php. Upgrading to version 1.2 eliminates this vulnerability.
Author: VulDB

echosign Plugin up to 1.1 on WordPress inc.php page cross site scripting

A vulnerability was found in echosign Plugin up to 1.1 on WordPress and classified as problematic. Affected by this issue is an unknown function of the file inc.php. Upgrading to version 1.2 eliminates this vulnerability.
Author: VulDB

ghost Plugin up to 0.5.5 on WordPress Access Control tools.php privilege escalation

A vulnerability has been found in ghost Plugin up to 0.5.5 on WordPress and classified as critical. Affected by this vulnerability is some unknown processing of the file wp-admin/tools.php?ghostexport=true of the component Access Control....
Author: VulDB

kento-post-view-counter Plugin up to 2.8 on WordPress admin.php cross site request forgery

A vulnerability, which was classified as critical, was found in kento-post-view-counter Plugin up to 2.8 on WordPress. Affected is an unknown code block of the file wp-admin/admin.php?page=kentopvc_settings. There is no information about possible...
Author: VulDB

kento-post-view-counter Plugin up to 2.8 on WordPress Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in kento-post-view-counter Plugin up to 2.8 on WordPress. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

kento-post-view-counter Plugin up to 2.8 on WordPress kento_pvc_geo cross site scripting

A vulnerability classified as problematic was found in kento-post-view-counter Plugin up to 2.8 on WordPress. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

fossura-tag-miner Plugin up to 1.1.4 on WordPress cross site scripting

A vulnerability classified as problematic has been found in fossura-tag-miner Plugin up to 1.1.4 on WordPress. This affects some unknown functionality. Upgrading to version 1.1.5 eliminates this vulnerability.
Author: VulDB

fossura-tag-miner Plugin up to 1.1.4 on WordPress cross site request forgery

A vulnerability was found in fossura-tag-miner Plugin up to 1.1.4 on WordPress. It has been rated as critical. Affected by this issue is an unknown functionality. Upgrading to version 1.1.5 eliminates this vulnerability.
Author: VulDB

nelio-ab-testing Plugin bis on WordPress filename directory traversal

A vulnerability was found in nelio-ab-testing Plugin bis on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading to version 4.5.0 eliminates this vulnerability.
Author: VulDB

safe-editor Plugin up to 1.1 on WordPress se_save cross site scripting

A vulnerability was found in safe-editor Plugin up to 1.1 on WordPress. It has been classified as problematic. Affected is some unknown processing. Upgrading to version 1.2 eliminates this vulnerability.
Author: VulDB

fluid-responsive-slideshow Plugin up to 2.2.6 on WordPress skin Reflected cross site scripting

A vulnerability was found in fluid-responsive-slideshow Plugin up to 2.2.6 on WordPress and classified as problematic. This issue affects an unknown code block. Upgrading to version 2.2.7 eliminates this vulnerability.
Author: VulDB

fluid-responsive-slideshow Plugin up to 2.2.6 on WordPress frs_save cross site scripting

A vulnerability has been found in fluid-responsive-slideshow Plugin up to 2.2.6 on WordPress and classified as problematic. This vulnerability affects the function frs_save. Upgrading to version 2.2.7 eliminates this vulnerability.
Author: VulDB

VMware Releases Security Updates for Multiple Products

Original release date: September 17, 2019. VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

2019 CWE Top 25 Most Dangerous Software Errors

Original release date: September 17, 2019. MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical errors that can lead to serious...
Author: US Cert

CERTFR-2019-AVI-447: Vulnerability in Cisco products (17 September 2019)

A vulnerability has been discovered in Cisco products. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Information security events

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information, takes place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, in Paris at the Cité universitaire internationale, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité occupies the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
