Tuesday 25 June 2019

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ABB IDAL FTP Server Long String memory corruption

A vulnerability was found in ABB IDAL (affected version not known). It has been rated as critical. Affected by this issue is an unknown code block of the component FTP Server. The manipulation as part of a Long String leads to a memory...
Author: VulDB

Mongoose up to 6.14 mg_mqtt.c parse_mqtt() memory corruption

A vulnerability was found in Mongoose up to 6.14. It has been declared as critical. Affected by this vulnerability is the function parse_mqtt() of the file mg_mqtt.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

miniOrange SAML SP Single Sign On plugin up to 4.8.72 on WordPress SAML Login Endpoint SAMLresponse cross site scripting

A vulnerability was found in miniOrange SAML SP Single Sign On plugin up to 4.8.72 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is an unknown part of the component SAML Login Endpoint. The manipulation as part...
Author: VulDB

Polycom VVX up to 5.9.2 BToE Application weak authentication

A vulnerability was found in Polycom VVX up to 5.9.2 and classified as critical. This issue affects some unknown functionality of the component BToE Application. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

MakerBot Replicator 5G Printer Apache HTTP Server information disclosure

A vulnerability has been found in MakerBot Replicator 5G Printer (Printing Software) (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown functionality of the component Apache HTTP Server. The...
Author: VulDB

Quadbase EspressReport ES 7.0 Update 7 cross site request forgery

A vulnerability, which was classified as problematic, was found in Quadbase EspressReport ES 7.0 Update 7 (Reporting Software). This affects an unknown function. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Quadbase EspressReport ES 7.0 Update 7 New User Username Stored cross site request forgery

A vulnerability, which was classified as problematic, has been found in Quadbase EspressReport ES 7.0 Update 7 (Reporting Software). Affected by this issue is some unknown processing of the component New User Handler. The manipulation as part of...
Author: VulDB

HotelDruid up to 2.3.0 visualizza_contratto.php n_file denial of service

A vulnerability classified as problematic was found in HotelDruid up to 2.3.0 (Hospitality Software). Affected by this vulnerability is an unknown code block of the file visualizza_contratto.php. The manipulation of the argument n_file as part...
Author: VulDB

ABB IDAL HTTP Server Host Header memory corruption

A vulnerability classified as critical has been found in ABB IDAL (version unknown). Affected is an unknown code of the component HTTP Server. The manipulation as part of a Host Header leads to a memory corruption vulnerability. CWE is...
Author: VulDB

ABB IDAL FTP server Username Stack-based Format String

A vulnerability was found in ABB IDAL (unknown version). It has been rated as critical. This issue affects an unknown part of the component FTP server. The manipulation with the input value 08x.AAAA.%08x.%08x leads to a format string...
Author: VulDB

ABB CP635 HMI Firmware Update Binary File weak encryption

A vulnerability was found in ABB CP635 HMI (SCADA Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the component Firmware Update Handler. The manipulation as...
Author: VulDB

LiveZilla Server up to 8.0.1.0 knowledgebase.php depth denial of service

A vulnerability was found in LiveZilla Server up to 8.0.1.0. It has been classified as critical. This affects an unknown functionality of the file knowledgebase.php. The manipulation of the argument depth as part of a Parameter leads to a denial...
Author: VulDB

LiveZilla up to 8.0.1.0 server.php p_ext_rse sql injection

A vulnerability was found in LiveZilla up to 8.0.1.0 and classified as critical. Affected by this issue is an unknown function of the file server.php. The manipulation of the argument p_ext_rse as part of a Parameter leads to a sql injection...
Author: VulDB

Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure

A vulnerability has been found in Analogic Poste.io 2.1.6 on Apache and classified as problematic. Affected by this vulnerability is some unknown processing of the file logs/ of the component RoundCube. The manipulation with an unknown input...
Author: VulDB

BCN Quark Quarking Password Manager 3.1.84 Clickjacking privilege escalation

A vulnerability, which was classified as critical, was found in BCN Quark Quarking Password Manager 3.1.84. Affected is an unknown code block. The manipulation with an unknown input leads to a privilege escalation vulnerability (Clickjacking)....
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This issue affects an unknown code of the component Project File Handler. The manipulation with an unknown...
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Uninitialized Pointer memory corruption

A vulnerability classified as critical was found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This vulnerability affects an unknown part of the component Project File Handler. The manipulation with an unknown input leads...
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This affects some unknown functionality of the component Project File Handler. The manipulation with an unknown input leads...
Author: VulDB

FasterXML jackson-databind up to 2.9.8 logback-core privilege escalation

A vulnerability was found in FasterXML jackson-databind up to 2.9.8. It has been rated as critical. Affected by this issue is the function logback-core. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

Hosting Controller HC10 10.14 HC.Server Service Pointer denial of service

A vulnerability was found in Hosting Controller HC10 10.14 (Hosting Control Software). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component HC.Server Service. The manipulation with an...
Author: VulDB

Citrix AppDNA prior 7.1906.1.0.472 Access Control privilege escalation

A vulnerability was found in Citrix AppDNA (Connectivity Software). It has been classified as critical. Affected is some unknown processing of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Micro Focus NetIQ up to 4.3 Self Service Password Reset information disclosure

A vulnerability was found in Micro Focus NetIQ up to 4.3 and classified as problematic. This issue affects an unknown code block of the component Self Service Password Reset. The manipulation with an unknown input leads to an information...
Author: VulDB

Micro Focus NetIQ up to 4.3 Self Service Password Reset cross site scripting

A vulnerability has been found in Micro Focus NetIQ up to 4.3 and classified as problematic. This vulnerability affects an unknown code of the component Self Service Password Reset. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Ultimate Member Plugin 2.39 on WordPress Picture user_id privilege escalation

A vulnerability, which was classified as problematic, was found in Ultimate Member Plugin 2.39 on WordPress (WordPress Plugin). This affects an unknown part of the component Picture Handler. The manipulation of the argument user_id as part of a...
Author: VulDB

expat up to 2.2.6 libexpat XML Name Resource Exhaustion denial of service

A vulnerability, which was classified as problematic, has been found in expat up to 2.2.6. Affected by this issue is some unknown functionality of the component libexpat. The manipulation as part of an XML Name leads to a denial of service...
Author: VulDB

Information-security (SSI) events

BLACK HAT

A major worldwide information-security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

A major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises stand more than ever as the essential meeting for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition accordingly set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
