Friday 20 September 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

supportflow Plugin up to 0.6 on WordPress Discussion Ticket Title cross site scripting

A vulnerability classified as problematic was found in supportflow Plugin up to 0.6 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown part of the component Discussion Ticket Title Handler. Upgrading to version 0.7...
Author: VulDB

peepso-core Plugin up to 1.6.0 on WordPress PeepSoProfilePreferencesAjax->save() privilege escalation

A vulnerability classified as critical has been found in peepso-core Plugin up to 1.6.0 on WordPress. Affected is the function PeepSoProfilePreferencesAjax->save(). Upgrading to version 1.6.1 eliminates this vulnerability.
Author: VulDB

real3d-flipbook-lite Plugin 1.0 on WordPress flipbooks.php bookId cross site scripting

A vulnerability was found in real3d-flipbook-lite Plugin 1.0 on WordPress. It has been rated as problematic. This issue affects an unknown functionality of the file wp-content/plugins/real3d-flipbook/includes/flipbooks.php. There is no...
Author: VulDB

real3d-flipbook-lite Plugin 1.0 on WordPress File Upload bookName directory traversal

A vulnerability was found in real3d-flipbook-lite Plugin 1.0 on WordPress. It has been declared as critical. This vulnerability affects an unknown function of the component File Upload. There is no information about possible countermeasures...
Author: VulDB

real3d-flipbook-lite Plugin 1.0 on WordPress deleteBook directory traversal

A vulnerability was found in real3d-flipbook-lite Plugin 1.0 on WordPress (WordPress Plugin). It has been classified as problematic. This affects some unknown processing. There is no information about possible countermeasures known. It may be...
Author: VulDB

dwnldr Plugin up to 1.00 on WordPress User-Agent cross site scripting

A vulnerability was found in dwnldr Plugin up to 1.00 on WordPress and classified as problematic. Affected by this issue is an unknown code block. Upgrading to version 1.01 eliminates this vulnerability.
Author: VulDB

icegram Plugin up to 1.9.18 on WordPress cross site scripting

A vulnerability has been found in icegram Plugin up to 1.9.18 on WordPress and classified as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 1.9.19 eliminates this vulnerability.
Author: VulDB

icegram Plugin up to 1.9.18 on WordPress wp-admin/edit.php option_name cross site request forgery

A vulnerability, which was classified as problematic, was found in icegram Plugin up to 1.9.18 on WordPress (WordPress Plugin). Affected is an unknown part of the file wp-admin/edit.php. Upgrading to version 1.9.19 eliminates this vulnerability.
Author: VulDB

colorway Theme up to 3.4.1 on WordPress contactName cross site scripting

A vulnerability, which was classified as problematic, has been found in colorway Theme up to 3.4.1 on WordPress. This issue affects some unknown functionality. Upgrading to version 3.4.2 eliminates this vulnerability.
Author: VulDB

wsecure Plugin up to 2.3 on WordPress wsecure-config.php publish Remote Code Execution

A vulnerability classified as critical was found in wsecure Plugin up to 2.3 on WordPress. This vulnerability affects an unknown functionality of the file wsecure-config.php. Upgrading to version 2.4 eliminates this vulnerability.
Author: VulDB

estatik Plugin up to 2.3.0 on WordPress File Upload wp-admin/admin-ajax.php es_media_images[] privilege escalation

A vulnerability classified as critical has been found in estatik Plugin up to 2.3.0 on WordPress. This affects an unknown function of the file wp-admin/admin-ajax.php of the component File Upload. Upgrading to version 2.3.1 eliminates this...
Author: VulDB

estatik Plugin up to 2.2.x on WordPress File Upload wp-admin/admin-ajax.php es_media_images[] privilege escalation

A vulnerability was found in estatik Plugin up to 2.2.x on WordPress (WordPress Plugin). It has been rated as critical. Affected by this issue is some unknown processing of the file wp-admin/admin-ajax.php of the component File Upload. Upgrading...
Author: VulDB

Akal Theme up to 2016-08-22 on WordPress preview.php sc cross site scripting

A vulnerability was found in Akal Theme up to 2016-08-22 on WordPress (WordPress Plugin). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the file framework/brad-shortcodes/tinymce/preview.php....
Author: VulDB

Video recording or screen capture combined with the recording of telephone conversations at work

For staff training or evaluation purposes, some employers wish to record the history of their employees' "computer actions" during telephone conversations with customers, service providers or other...
Author: Cnil

mail-masta Plugin 1.0 on WordPress count_of_send.php privilege escalation

A vulnerability was found in mail-masta Plugin 1.0 on WordPress (WordPress Plugin). It has been classified as critical. Affected is an unknown code of the file count_of_send.php. There is no information about possible countermeasures known. It...
Author: VulDB

FasterXML jackson-databind up to 2.9.9 unknown vulnerability

A vulnerability was found in FasterXML jackson-databind up to 2.9.9 and classified as problematic. Upgrading to version 2.9.10 eliminates this vulnerability.
Author: VulDB

Bludit 3.9.2 Categories Name Persistent cross site scripting

A vulnerability has been found in Bludit 3.9.2 and classified as problematic. This vulnerability affects some unknown functionality of the component Categories Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

GetSimple CMS 3.3.15 admin/theme-edit.php cross site scripting

A vulnerability, which was classified as problematic, was found in GetSimple CMS 3.3.15 (Content Management System). This affects an unknown functionality of the file admin/theme-edit.php. There is no information about possible countermeasures...
Author: VulDB

api-bearer-auth Plugin on WordPress swagger-config.yaml.php server cross site scripting

A vulnerability, which was classified as problematic, has been found in api-bearer-auth Plugin on WordPress (WordPress Plugin) (affected version not known). Affected by this issue is an unknown function of the file swagger-config.yaml.php....
Author: VulDB

FasterXML jackson-databind up to 2.9.9 unknown vulnerability

A vulnerability classified as problematic was found in FasterXML jackson-databind up to 2.9.9. Upgrading to version 2.9.10 eliminates this vulnerability.
Author: VulDB

CERTFR-2019-AVI-445: Multiple vulnerabilities in Moodle (16 September 2019)

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and a breach of...
Author: Cert FR

The Educnum Days in Poitiers from 20 to 22 September 2019: come and solve the riddles of the digital world as a family and as a class!

The Educnum collective, together with the CNIL, Groupe VYV and An@é, is organising, in partnership with the city of Poitiers, the first Educnum Days from 20 to 22 September, to open a dialogue on the issues raised by digital technology. Families...
Author: Cnil

ScadaBR up to 1.0CE/1.1.0-RC dwr/test/ PATH_INFO cross site scripting

A vulnerability classified as problematic has been found in ScadaBR up to 1.0CE/1.1.0-RC (SCADA Software). Affected is an unknown code block of the file dwr/test/. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Cobham Sea Tel up to v194 225444 SNMP Service Default Credentials information disclosure

A vulnerability was found in Cobham Sea Tel up to v194 225444. It has been rated as problematic. This issue affects an unknown code of the component SNMP Service. Addressing this vulnerability is possible by firewalling udp/161 (snmp).
Author: VulDB

Wireshark up to 3.0.3 Gryphon Dissector packet-gryphon.c denial of service

A vulnerability was found in Wireshark up to 3.0.3 (Packet Analyzer Software). It has been declared as problematic. This vulnerability affects an unknown part of the file plugins/epan/gryphon/packet-gryphon.c of the component Gryphon Dissector....
Author: VulDB

Information-security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
