Tuesday 25 June 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

pfSense 2.4.4-p2/2.4.4-p3 diag_command.php timePeriod cross site scripting

A vulnerability, which was classified as problematic, has been found in pfSense 2.4.4-p2/2.4.4-p3 (Firewall Software). This issue affects an unknown functionality of the file diag_command.php. The manipulation of the argument timePeriod as part...
Author: VulDB

CERTFR-2019-AVI-293: Vulnerability in the Ubuntu Linux kernel (25 June 2019)

A vulnerability has been discovered in the Ubuntu Linux kernel. It allows an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

Xpdf 4.01.01 fofi/FoFiType1C.cc convertToType0 memory corruption

A vulnerability classified as critical was found in Xpdf 4.01.01 (Document Reader Software). This vulnerability affects the function FoFiType1C::convertToType0 of the file fofi/FoFiType1C.cc. The manipulation with an unknown input leads to a...
Author: VulDB

Xpdf 4.01.01 fofi/FoFiType1C.cc convertToType1 PDF Document memory corruption

A vulnerability classified as critical has been found in Xpdf 4.01.01 (Document Reader Software). This affects the function FoFiType1C::convertToType1 of the file fofi/FoFiType1C.cc. The manipulation as part of a PDF Document leads to a memory...
Author: VulDB

ABB IDAL FTP Server Long String memory corruption

A vulnerability was found in ABB IDAL (affected version not known). It has been rated as critical. Affected by this issue is an unknown code block of the component FTP Server. The manipulation as part of a Long String leads to a memory...
Author: VulDB

Mongoose up to 6.14 mg_mqtt.c parse_mqtt() memory corruption

A vulnerability was found in Mongoose up to 6.14. It has been declared as critical. Affected by this vulnerability is the function parse_mqtt() of the file mg_mqtt.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

miniOrange SAML SP Single Sign On plugin up to 4.8.72 on WordPress SAML Login Endpoint SAMLresponse cross site scripting

A vulnerability was found in miniOrange SAML SP Single Sign On plugin up to 4.8.72 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is an unknown part of the component SAML Login Endpoint. The manipulation as part...
Author: VulDB

Polycom VVX up to 5.9.2 BToE Application weak authentication

A vulnerability was found in Polycom VVX up to 5.9.2 and classified as critical. This issue affects some unknown functionality of the component BToE Application. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

MakerBot Replicator 5G Printer Apache HTTP Server information disclosure

A vulnerability has been found in MakerBot Replicator 5G Printer (Printing Software) (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown functionality of the component Apache HTTP Server. The...
Author: VulDB

Quadbase EspressReport ES 7.0 Update 7 cross site request forgery

A vulnerability, which was classified as problematic, was found in Quadbase EspressReport ES 7.0 Update 7 (Reporting Software). This affects an unknown function. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Quadbase EspressReport ES 7.0 Update 7 New User Username Stored cross site request forgery

A vulnerability, which was classified as problematic, has been found in Quadbase EspressReport ES 7.0 Update 7 (Reporting Software). Affected by this issue is some unknown processing of the component New User Handler. The manipulation as part of...
Author: VulDB

HotelDruid up to 2.3.0 visualizza_contratto.php n_file denial of service

A vulnerability classified as problematic was found in HotelDruid up to 2.3.0 (Hospitality Software). Affected by this vulnerability is an unknown code block of the file visualizza_contratto.php. The manipulation of the argument n_file as part...
Author: VulDB

ABB IDAL HTTP Server Host Header memory corruption

A vulnerability classified as critical has been found in ABB IDAL (version unknown). Affected is an unknown code of the component HTTP Server. The manipulation as part of a Host Header leads to a memory corruption vulnerability. CWE is...
Author: VulDB

ABB IDAL FTP server Username Stack-based Format String

A vulnerability was found in ABB IDAL (unknown version). It has been rated as critical. This issue affects an unknown part of the component FTP server. The manipulation with the input value 08x.AAAA.%08x.%08x leads to a format string...
Author: VulDB

ABB CP635 HMI Firmware Update Binary File weak encryption

A vulnerability was found in ABB CP635 HMI (SCADA Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the component Firmware Update Handler. The manipulation as...
Author: VulDB

LiveZilla Server up to 8.0.1.0 knowledgebase.php depth denial of service

A vulnerability was found in LiveZilla Server up to 8.0.1.0. It has been classified as critical. This affects an unknown functionality of the file knowledgebase.php. The manipulation of the argument depth as part of a Parameter leads to a denial...
Author: VulDB

LiveZilla up to 8.0.1.0 server.php p_ext_rse sql injection

A vulnerability was found in LiveZilla up to 8.0.1.0 and classified as critical. Affected by this issue is an unknown function of the file server.php. The manipulation of the argument p_ext_rse as part of a Parameter leads to a sql injection...
Author: VulDB

Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure

A vulnerability has been found in Analogic Poste.io 2.1.6 on Apache and classified as problematic. Affected by this vulnerability is some unknown processing of the file logs/ of the component RoundCube. The manipulation with an unknown input...
Author: VulDB

BCN Quark Quarking Password Manager 3.1.84 Clickjacking privilege escalation

A vulnerability, which was classified as critical, was found in BCN Quark Quarking Password Manager 3.1.84. Affected is an unknown code block. The manipulation with an unknown input leads to a privilege escalation vulnerability (Clickjacking)....
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This issue affects an unknown code of the component Project File Handler. The manipulation with an unknown...
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Uninitialized Pointer memory corruption

A vulnerability classified as critical was found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This vulnerability affects an unknown part of the component Project File Handler. The manipulation with an unknown input leads...
Author: VulDB

Phoenix Contact PC Worx/PC Worx Express/Config+ up to 1.86 Project File Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Phoenix Contact PC Worx, PC Worx Express and Config+ up to 1.86. This affects some unknown functionality of the component Project File Handler. The manipulation with an unknown input leads...
Author: VulDB

FasterXML jackson-databind up to 2.9.8 logback-core privilege escalation

A vulnerability was found in FasterXML jackson-databind up to 2.9.8. It has been rated as critical. Affected by this issue is the function logback-core. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

Hosting Controller HC10 10.14 HC.Server Service Pointer denial of service

A vulnerability was found in Hosting Controller HC10 10.14 (Hosting Control Software). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component HC.Server Service. The manipulation with an...
Author: VulDB

Citrix AppDNA prior 7.1906.1.0.472 Access Control privilege escalation

A vulnerability was found in Citrix AppDNA (Connectivity Software). It has been classified as critical. Affected is some unknown processing of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-ones, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are more than ever positioned as the unmissable gathering for all cybersecurity professionals. Like the market, which never stops evolving, the Assises adapt their offering to best meet the sector's expectations. Accordingly, this edition sought to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
