Tuesday 16 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Webhooks Server-Side Request Forgery

A vulnerability classified as critical was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). This vulnerability affects an unknown code of the component Webhooks. The manipulation with...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Markdown cross site scripting

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). This affects an unknown part of the component Markdown Handler. The manipulation ...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Web UI privilege escalation

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It has been rated as critical. Affected by this issue is some unknown functionality of the component Web UI. The...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 10.x/11.3.10/11.4.7/11.5.0 Access Control privilege escalation

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 10.x/11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Prometheus integration Server-Side Request Forgery

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0. It has been classified as critical. Affected is an unknown function of the component Prometheus integration. The manipulation with an...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 and classified as problematic. This issue affects some unknown processing. The manipulation with an unknown input leads to an information...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Environment Page Persistent cross site scripting

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 and classified as critical. This vulnerability affects an unknown code block of the component Environment Page. The manipulation with...
Author: VulDB

Nagios XI up to 5.5.3 Admin Management Page cross site scripting

A vulnerability, which was classified as problematic, was found in Nagios XI up to 5.5.3 (Log Management Software). This affects an unknown code of the component Admin Management Page. The manipulation with an unknown input leads to a cross site...
Author: VulDB

DamiCMS 6.0.0 /admin.php directory traversal

A vulnerability, which was classified as critical, has been found in DamiCMS 6.0.0 (Content Management System). Affected by this issue is an unknown part of the file /admin.php?s=Tpl/Add/id/. The manipulation with an unknown input leads to a...
Author: VulDB

libpng 1.6.35 PNM Decoding pnm2png.c get_token memory corruption

A vulnerability classified as critical was found in libpng 1.6.35 (Image Processing Software). Affected by this vulnerability is the function get_token of the file pnm2png.c of the component PNM Decoding. The manipulation with an unknown input...
Author: VulDB

Vivotek FD8136 set_getparam.cgi sprintf/vlocal_buff_4326 memory corruption

A vulnerability classified as critical has been found in Vivotek FD8136 (version unknown). Affected is the function sprintf/vlocal_buff_4326 of the file set_getparam.cgi. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Vivotek FD8136 command injection [CVE-2018-14495]

A vulnerability was found in Vivotek FD8136 (unknown version). It has been rated as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command Injection). Using...
Author: VulDB

Vivotek FD8136 Busybox/wget command injection [CVE-2018-14494]

A vulnerability was found in Vivotek FD8136 (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown processing of the component Busybox/wget. The manipulation with an unknown input leads to a...
Author: VulDB

Eventum 3.5.0 htdocs/manage/users.php cross site request forgery

A vulnerability was found in Eventum 3.5.0. It has been classified as problematic. This affects an unknown code block of the file htdocs/manage/users.php. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Eventum 3.5.0 /htdocs/list.php cross site scripting

A vulnerability was found in Eventum 3.5.0 and classified as problematic. Affected by this issue is an unknown code of the file /htdocs/list.php. The manipulation of the argument show_notification_list_issues/show_authorized_issues with an...
Author: VulDB

Eventum 3.5.0 /htdocs/popup.php cat cross site scripting

A vulnerability has been found in Eventum 3.5.0 and classified as problematic. Affected by this vulnerability is an unknown part of the file /htdocs/popup.php. The manipulation of the argument cat as part of a Parameter leads to a cross site...
Author: VulDB

Eventum 3.5.0 /htdocs/validate.php values cross site scripting

A vulnerability, which was classified as problematic, was found in Eventum 3.5.0. Affected is some unknown functionality of the file /htdocs/validate.php. The manipulation of the argument values as part of a Parameter leads to a cross site...
Author: VulDB

Eventum 3.5.0 htdocs/switch.php current_page cross site scripting

A vulnerability, which was classified as problematic, has been found in Eventum 3.5.0. This issue affects an unknown functionality of the file htdocs/switch.php. The manipulation of the argument current_page as part of a Parameter leads to a...
Author: VulDB

Eventum 3.5.0 htdocs/ajax/update.php field_name cross site scripting

A vulnerability classified as problematic was found in Eventum 3.5.0. This vulnerability affects an unknown function of the file htdocs/ajax/update.php. The manipulation of the argument field_name as part of a Parameter leads to a cross site...
Author: VulDB

e107 CMS 2.1.7 Filter cross site scripting

A vulnerability classified as problematic has been found in e107 CMS 2.1.7 (Content Management System). This affects some unknown processing of the component Filter. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

America's Army Proving Grounds Application Server UDP Packet Amplification denial of service

A vulnerability was found in America's Army Proving Grounds (affected version not known). It has been rated as problematic. Affected by this issue is an unknown code block of the component Application Server. The manipulation as part of a UDP...
Author: VulDB

PHP up to 7.x Security Policy main/streams/xp_socket.c hostname privilege escalation

A vulnerability was found in PHP up to 7.x (Programming Language Software). It has been declared as critical. Affected by this vulnerability is an unknown code of the file main/streams/xp_socket.c of the component Security Policy. The...
Author: VulDB

PayPal adaptivepayments-sdk-php 3.9.2 cross site scripting

A vulnerability was found in PayPal adaptivepayments-sdk-php 3.9.2 (Programming Language Software). It has been classified as problematic. Affected is an unknown part of the file paypal/adaptivepayments-sdk-php. The manipulation with an unknown...
Author: VulDB

libpng up to 1.6.31 Chunk unknown vulnerability [CVE-2017-12652]

A vulnerability was found in libpng up to 1.6.31 (Image Processing Software) and classified as problematic. This issue affects some unknown functionality of the component Chunk Handler. The impact remains unknown. The weakness was published ...
Author: VulDB

Juniper Networks Releases Multiple Security Updates

Original release date: July 10, 2019. Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of their visitors and the richness of the exchanges, the Assises are positioned more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and feedback from experience.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
