Tuesday 11 December 2018

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Pippo 1.11.0 jaxb/JaxbEngine.java XML External Entity

A vulnerability, which was classified as critical, was found in Pippo 1.11.0. Affected is an unknown function of the file jaxb/JaxbEngine.java. The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE). CWE is...
Author: VulDB

Evernote up to 7.5 on MacOS Attachment Preview directory traversal

A vulnerability, which was classified as problematic, has been found in Evernote up to 7.5 on MacOS. This issue affects an unknown function of the component Attachment Preview. The manipulation with an unknown input leads to a directory...
Author: VulDB

D-Link DIR-605L/DIR-619L /bin/boa sysCmd privilege escalation

A vulnerability classified as critical was found in D-Link DIR-605L and DIR-619L (the affected version is unknown). This vulnerability affects an unknown function of the file /bin/boa. The manipulation of the argument sysCmd as part of a POST...
Author: VulDB

D-Link DIR-605L/DIR-619L /bin/boa currTime memory corruption

A vulnerability classified as critical has been found in D-Link DIR-605L and DIR-619L (the affected version is unknown). This affects an unknown function of the file /bin/boa. The manipulation of the argument currTime as part of a Parameter leads...
Author: VulDB

VeryNginx 0.3.3 Web Application Firewall privilege escalation

A vulnerability has been found in VeryNginx 0.3.3 and classified as critical. Affected by this vulnerability is an unknown function of the component Web Application Firewall. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

GNU binutils 2.31 libbfd syms.c _bfd_generic_read_minisymbols denial of service

A vulnerability was found in GNU binutils 2.31. It has been declared as problematic. This vulnerability affects the function _bfd_generic_read_minisymbols of the file syms.c of the component libbfd. The manipulation with an unknown input leads...
Author: VulDB

libav 12.3 libavcodec/apedec.c range_decode_culshift denial of service

A vulnerability was found in libav 12.3. It has been classified as problematic. This affects the function range_decode_culshift of the file libavcodec/apedec.c. The manipulation with an unknown input leads to a denial of service vulnerability....
Author: VulDB

Apereo Bedework bw-webdav up to 4.0.2 XML Data MethodBase.java XML External Entity

A vulnerability was found in Apereo Bedework bw-webdav up to 4.0.2 and classified as critical. Affected by this issue is an unknown function of the file webdav/servlet/common/MethodBase.java of the component XML Data Handler. The manipulation ...
Author: VulDB

S-Cms 3.0 S_id sql injection

A vulnerability was found in S-Cms 3.0. It has been rated as critical. Affected by this issue is an unknown function of the file /1/?type=productinfo&S_id=140. The manipulation of the argument S_id as part of a Parameter leads to a sql injection...
Author: VulDB

SEMCMS 3.5 SEMCMS_Main.php cross site scripting

A vulnerability was found in SEMCMS 3.5. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file SEMCMS_Main.php. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

YzmCMS 5.2 admin/role/add.html cross site request forgery

A vulnerability was found in YzmCMS 5.2. It has been classified as problematic. Affected is an unknown function of the file admin/role/add.html. The manipulation with an unknown input leads to a cross site request forgery vulnerability. CWE is...
Author: VulDB

PHPCMF 4.1.3 index.php cross site scripting

A vulnerability was found in PHPCMF 4.1.3 and classified as problematic. This issue affects an unknown function of the file index.php?s=member&c=register&m=index. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

DomainMod 4.11.01 assets/add/category.php Category Name/Stakeholder cross site scripting

A vulnerability has been found in DomainMod 4.11.01 and classified as problematic. This vulnerability affects an unknown function of the file assets/add/category.php. The manipulation of the argument Category Name/Stakeholder with an unknown...
Author: VulDB

DomainMod 4.11.01 ssl-provider-account.php username cross site scripting

A vulnerability, which was classified as problematic, was found in DomainMod 4.11.01. This affects an unknown function of the file assets/add/ssl-provider-account.php. The manipulation of the argument username with an unknown input leads to a...
Author: VulDB

DomainMod 4.11.01 ssl-provider.php cross site scripting

A vulnerability, which was classified as problematic, has been found in DomainMod 4.11.01. Affected by this issue is an unknown function of the file assets/add/ssl-provider.php. The manipulation with an unknown input leads to a cross site...
Author: VulDB

PHPOK 5.0.055 api.php title cross site scripting

A vulnerability classified as problematic was found in PHPOK 5.0.055. Affected by this vulnerability is an unknown function of the file api.php?c=post&f=save. The manipulation of the argument title with an unknown input leads to a cross site...
Author: VulDB

Mini-XML 2.12 mxml-search.c mxmlWalkNext memory corruption

A vulnerability classified as critical has been found in Mini-XML 2.12. Affected is the function mxmlWalkNext of the file mxml-search.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Use-After-Free). CWE is...
Author: VulDB

Mini-XML 2.12 mxml-file.c mxml_write_node memory corruption

A vulnerability was found in Mini-XML 2.12. It has been rated as critical. This issue affects the function mxml_write_node of the file mxml-file.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based)....
Author: VulDB

Signal Messenger 4.24.8 on Android Disappearing Messages Cache information disclosure

A vulnerability was found in Signal Messenger 4.24.8 on Android. It has been rated as problematic. Affected by this issue is an unknown function of the component Disappearing Messages Handler. The manipulation with an unknown input leads to a...
Author: VulDB

IBM WebSphere Application Server 9 API httpServletRequest#authenticate() URI information disclosure

A vulnerability has been found in IBM WebSphere Application Server 9 and classified as problematic. This vulnerability affects the function httpServletRequest#authenticate() of the component API. The manipulation as part of a URI leads to a...
Author: VulDB

Nucleus CMS 3.70 index.php body cross site scripting

A vulnerability, which was classified as problematic, has been found in Nucleus CMS 3.70. Affected by this issue is an unknown function of the file index.php. The manipulation of the argument body as part of a Parameter leads to a cross site...
Author: VulDB

BlackCat CMS 1.3.2 willkommen.php cross site scripting

A vulnerability classified as problematic was found in BlackCat CMS 1.3.2. Affected by this vulnerability is an unknown function of the file willkommen.php?lang=DE. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

AccuSoft PrizmDoc HTML5 Document Viewer up to 13.4 XML Data XML External Entity

A vulnerability classified as critical has been found in AccuSoft PrizmDoc HTML5 Document Viewer up to 13.4. Affected is an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Cloud Foundry Bits Service up to 2.17.x Signing Key Timing information disclosure

A vulnerability was found in Cloud Foundry Bits Service up to 2.17.x. It has been rated as problematic. This issue affects an unknown function of the component Signing Key. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Groovy Plugin up to 2.59 Sandbox SandboxTransformer.java privilege escalation

A vulnerability was found in Groovy Plugin up to 2.59. It has been classified as critical. This affects an unknown function in the library groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java of the file...
Author: VulDB

Information security events

FIC

The 11th Forum International de la Cybersécurité takes place on 22 and 23 January 2019 at the Grand Palais in Lille. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk and insurance management professionals), the annual reference conference for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme: "Risk at the heart of transformation". Organized by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organized by Weyou Group.
