Avis de sécurité
2024
2024-12-13 | High - InvoiceNinja - Unauthenticated Remote Command Execution when APP_KEY known , (CVE-2024-55555) by Rémi Matasse , Mickaël Benassouli
2024-12-13 | Medium - Crater Invoice - Unauthenticated Remote Command Execution when APP_KEY known , (CVE-2024-55556) by Rémi Matasse , Mickaël Benassouli
2024-12-13 | High - Snipe-IT - Unauthenticated Remote Command Execution when APP_KEY known , (CVE-2024-48987) by Rémi Matasse , Mickaël Benassouli
2024-11-28 | Critical - Multiple vulnerabilities in Delmia Apriso 2019 to 2024 , (CVE-2024-3300, CVE-2024-3301) by Mehdi Elyassa
2024-11-21 | High - Local privilege escalation in Windows Velociraptor service , (CVE-2024-10526) by Jean-Baptiste Mesnard-Sense
2024-10-31 | Medium - Local Privilege Escalation in SAP , (CVE-2024-33005) by Julien Egloff
2024-10-08 | Medium - SonarQube - GitHub integration information leakage , (CVE-2024-47910) by Clément Amic , Hugo Vincent
2024-09-23 | Medium - Help Scout - Mass assignment vulnerability on inbox settings by Clément Amic
2024-07-29 | High - Oracle Retail Xstore Suite: pre-authenticated path traversal , (CVE-2024-21136) by Louis Wolfers , Quentin Roland
2024-07-19 | Improper authorization check in ProjectSend <= r1605, Improper authorization check in ProjectSend <= r1605 by Florent Sicchio , Hugo Clout
2024-07-17 | Critical - Remote Code Execution on Pyres Termod before 10.04w , (CVE-2024-39164) by Pierre Martin , Jacques Monin , Rémi Matasse
2024-06-25 | Critical - JpGraph Professional Version - Pre-Authenticated Remote Code Execution , (CVE-2024-39165) by Alexandre Droullé
2024-06-18 | Critical - SSRPM - Arbitrary password reset on default Client Web Interface installation by Clément Amic
2024-06-05 | Critical - Ivanti Sentry / MobileIron Sentry - Unauthenticated Remote Code Execution by Mehdi Elyassa
2024-06-05 | Critical - Ivanti EPMM / MobileIron Core - Multiple Vulnerabilities by Mehdi Elyassa
2024-05-24 | High - Windows 10 PLUGScheduler Elevation of Privilege , (CVE-2024-26238) by Guillaume André
2024-05-17 | Medium - Code execution in Cisco Secure Client with NAM , (CVE-2024-20391) by Julien Egloff , Kevin Tellier
2024-04-15 | Medium - File read in iTop , (CVE-2023-38511) by Jérôme Mampianinazakason
2024-03-26 | Medium - MISP - Arbitrary file read , (CVE-2024-29858, CVE-2024-29859) by Rémi Matasse , Raphaël Lob
2024-03-12 | Low - Multiple vulnerabilities in Collabora Online , (CVE-2024-25114) by Damien Couturier
2024-03-07 | Medium - Dangerous feature in Commvault CommServe < 11.34 by Guillaume André , Hugo Clout
2024-03-11 | Multiple vulnerabilities in Ricoh Device Manager NX <= r97223, Security advisory for Ricoh Device Manager NX by Mehdi Elyassa
2024-01-24 | Multiple vulnerabilities in Cisco Unified Communication Manager, CVE-2024-20253 by Julien Egloff
2024-01-22 | Critical - Multiple vulnerabilities on GestSup 3.2.44 , (CVE-2024-23163, CVE-2024-23164, CVE-2024-23165, CVE-2024-23166, CVE-2024-23167) by Pierre Martin , Romain Brun (BZHunt)
2024-01-17 | Multiple vulnerabilities in Ivanti Connect Secure, CVE-2023-41719, CVE-2023-41720 by Jérôme Mampianinazakason
2024-01-10 | Low - Remote Code Execution on Cisco Access Point WAP371 firmware ≤ 1.3.0.7 , (CVE-2024-20287) by Pierre Martin
2023
2023-12-07 | Multiple vulnerabilities in Peplink Balance Two <= 8.3.0, CVE-2023-49226, CVE-2023-49228, CVE-2023-49229, CVE-2023-49230 by Louis Jacotot , Pierre Milioni
2023-11-28 | Critical - Usercube (Netwrix) - Multiple vulnerabilities , (CVE-2023-41264) by Julien Egloff , Antoine Carrincazeaux
2023-10-31 | High - Multiple vulnerabilities in GLPI , (CVE-2023-41321, CVE-2023-41322, CVE-2023-41323, CVE-2023-41324) by Jean-Baptiste Mesnard-Sense
2023-10-26 | High - Unauthenticated Server Side Request Forgery & CRLF injection in Geoserver WMS , (CVE-2023-41339, CVE-2023-43795) by Rémi Matasse , Vincent Herbulot
2023-09-18 | Critical - PHAR deserialization (CVE-2023-28115 patch bypass) , (CVE-2023-41330) by Rémi Matasse
2023-08-08 | Multiple vulnerabilities in Knowage, Security advisory for Knowage server by Florent Sicchio
2023-07-04 | Security advisory for phpList, CVE-2023-35834: Partial File Read in phpList by Vincent Herbulot , Rémi Matasse
2023-06-28 | Multiple vulnerabilities in Kerlink Wirnet iFemtoCell, Security advisory for Kerlink KerOS used in Wirnet iFemtoCell by Guillaume Jacques , Antoine Cervoise
2023-06-27 | Remote code execution in Net2ftp <= 1.3, Remote code execution in Net2ftp <= 1.3 by Florent Sicchio , Hugo Clout
2023-06-26 | Security advisory for Ucopia, CVE-2022-44719 / CVE-2022-44720 by Jean Bonnevie , Paul Barbé
2023-06-13 | Multiple vulnerabilities in PRTG Network Monitor, Security advisory for PRTG Network Monitor by Théo Louis-Tisserand
2023-06-05 | Multiple vulnerabilities in Dassault Systèmes Delmia Apriso, CVE-2023-2139, CVE-2023-2140, CVE-2023-2141 by Mehdi Elyassa , Vincent Herbulot
2023-05-31 | Security advisory for Virtuozzo SSH Gate, Security advisory for Virtuozzo SSH Gate by Raphaël Lob , Jean Bonnevie
2023-05-22 | Multiple vulnerabilities in Danfoss System-Managers model SM800A firmware versions < 3.3, Security advisory for Danfoss SM800A firmware by Florent Sicchio
2023-05-22 | Authentication bypass in Danfoss System-Managers models SM800 & SC255 firmware versions <= v08.095.008, Security advisory for Danfoss SM800 & SC255 firmware by Florent Sicchio
2023-05-17 | Arbitrary email forgery in Webflow, Security advisory for Webflow by Antoine Carrincazeaux
2023-05-09 | Multiple vulnerabilities in n8n <= 0.215.2, CVE-2023-27562, CVE-2023-27563 and CVE-2023-27564. by Antoine Cervoise , Jérôme Mampianinazakason
2023-04-07 | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059, CVE-2022-41348 by Kevin Tellier , Guillaume Jacques , Melvil Guillaume
2023-03-23 | Remote Code Execution in Supermicro SuperDoctor5 version < 5.14.0, Security advisory for Supermicro SuperDoctor 5 by Aymeric Palhière , Gaetan Ferry
2023-03-22 | Improper Privilege Management in Grails Spring Security Core <= 5.1.0, CVE-2022-41923 by Benjamin Sepe , Adrien Peter
2023-03-17 | Remote code execution in BIRT Viewer ≤ 4.12.0, CVE-2023-0100 by Louis Wolfers
2023-02-24 | XXE vulnerability in IBM Tivoli Workload Scheduler, CVE-2022-38389 by Geoffrey Bertoli
2023-02-21 | Multiple vulnerabilities in Nokia Airscale ASIKA, CVE-2023-25185, CVE-2023-25186, CVE-2023-25187, CVE-2023-25188 by Lena David , Geoffrey Bertoli
2023-02-21 | Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp, CVE-2022-45103 and CVE-2022-45104 by Antoine Carrincazeaux
2023-02-10 | Multiple vulnerabilities in BMC Control-M < 9.0.20.214, Security advisory for BMC Control-M by Guillaume Jacques
2023-02-03 | Authentication Bypass in Izanami Docker image 1.10.22, CVE-2023-22495 by Raphaël Lob
2023-02-02 | Multiple vulnerabilities in Oracle EPM Workspace version 11.2.3.0.0.05, CVE-2021-2347, CVE-2021-2439 and CVE-2021-2445 by Paul Barbé , Guillaume Jacques , Théo Louis-Tisserand
2023-02-02 | Multiple vulnerabilities in Oracle EAS Console version 11.1.2.0, CVE-2021-35651, CVE-2021-35652, CVE-2021-35653, CVE-2021-35654 and CVE-2021-35655 by Paul Barbé , Guillaume Jacques , Théo Louis-Tisserand
2023-02-02 | Lack of access control in Oracle Hyperion Provider Services APS/JAPI version 11.1.2.5, CVE-2021-2435 by Paul Barbé , Guillaume Jacques , Théo Louis-Tisserand
2023-01-30 | Multiple vulnerabilities in UCOPIA 5.1 and 6.0.2, Security advisory for UCOPIA by Tawfik Bakache
2023-01-25 | Privilege escalation vulnerability in FortiManager version 6.4.5, CVE-2022-26118 by Clément Amic , Pierre Milioni , Adrien Peter
2023-01-20 | Mutliple vulnerabilities in ManageEngine ADSelfService Plus, Security advisory for ManageEngine ADSelfService Plus. by Antoine Cervoise , Wilfried Bécard
2023-01-17 | Sudoedit bypass in Sudo <= 1.9.12p1, CVE-2023-22809 by Matthieu Barjole , Victor Cutillas
2022
2022-12-21 | Multiple Stored Cross-Site Scripting vulnerabilities in Sage Enterprise Intelligence, CVE-2022-34322 by Mickaël Benassouli , Antoine Gicquel
2022-12-21 | Multiple Cross-Site Scripting vulnerabilities in Sage XRT Business Exchange, CVE-2022-34323 by Mickaël Benassouli , Antoine Gicquel
2022-12-21 | Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application, CVE-2022-34324 by Mickaël Benassouli , Antoine Gicquel
2022-12-13 | Raft Remote Code Execution, Raft Survival game Remote Code Execution by Thomas Bouzerar
2022-11-30 | integer overflow in VLC < 3.0.18, CVE-2022-41325 by Kevin Denis
2022-11-29 | Cross-Site Scripting vulnerabilities in CodeIgniter ≤ 3.1.13, Security advisory for CodeIgniter by Antoine Cervoise , Maxime Rinaudo
2022-11-23 | Multiple vulnerabilities in H2O ≤ 3.32.1.3, Security advisory for H2O by Clément Amic , Lena David
2022-11-30 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0, CVE-2022-36431 by Mehdi Elyassa , Kevin Tellier
2022-10-17 | Weak private key generation in SSH.NET <= 2020.0.1, CVE-2022-29245 by Guillaume André
2022-02-16 | FortiManager 6.4.5 - Multiple Vulnerabilities, CVE-2021-32587, CVE-2021-32597, CVE-2021-32598, CVE-2021-32603 by Adrien Peter , Clément Amic , Pierre Milioni
2022-01-14 | Unsafe Object Deserialization in Html2Pdf <= 5.2.3 (Html2Pdf library), CVE-2021-45394 by Clément Amic , Antoine Gicquel
2021
2021-11-09 | Cisco Nexus 9000 ACI mode 14.2(7f) - Multiple Vulnerabilities , CVE-2021-1583, CVE-2021-1584 by Clément Amic , Pierre Milioni , Adrien Peter
2021-11-09 | Cisco APIC 4.2(7f) - Multiple Cross-Site Scripting, CVE-2021-1582 by Clément Amic , Pierre Milioni , Guillaume Jacques , Adrien Peter
2021-10-28 | Cisco SD WAN IOS XE routers command injection #2, CVE-2021-1529 by Julien Legras
2021-10-20 | Authentication bypass in Jeedom, CVE-2021-42557 by Maxime Rinaudo , Antoine Cervoise
2021-10-15 | Multiple vulnerabilities in Nagios XI < 5.8.6, Security advisory for Nagios XI by Guillaume André
2021-09-16 | Cross-Site Scripting in Cookiebot WordPress plugin, Security advisory for Cookiebot WordPress plugin by Antoine Cervoise
2021-07-28 | Multiple vulnerabilities in Centreon < 20.04.13, 20.10.7 & 21.04.2, Security advisory for Centreon by Guillaume André , Théo Louis-Tisserand
2021-07-21 | Reflected XSS in Enfold < 4.8.2, Security advisory by Julien Legras , Guillaume André
2021-06-28 | WordPress AryoActivityLog vulnerability, Avis de sécurité by Jérôme Mampianinazakason
2021-06-10 | Local privilege escalation in Cisco SD-WAN < 20.4 and 20.5, CVE-2021-1528 by Julien Legras
2021-06-10 | Cisco SD-WAN Multiple vulnerabilities in vManage < 20.5.1, CVE-2021-1481, CVE-2021-1482, CVE-2021-1483, CVE-2021-1484 by Julien Legras , Théo Louis-Tisserand
2021-04-06 | WordPress AjaxSearchPro vulnerability, Avis de sécurité pour un plugin WordPress by Julien Egloff , Jérôme Mampianinazakason
2021-03-19 | Use After Free in CyberArk Digital Vault, Security advisory by Julien Boutet
2021-03-18 | GLPI FusionInventory 9.5.0 injection SQL, Avis de sécurité by Alexis Danizan , Hugo Vincent
2021-02-05 | Evolution CMS unauthenticated SQLI and user enumeration, Security advisory by Thomas Etrillard , Nicolas Biscos
2021-01-25 | YouPHPTube/AVideo multiple vulnerabilities, Security advisory for YouPHPTube/AVideo by Maxime Rinaudo
2021-01-18 | Code Injection in the J-Web component of Junos OS, Security advisory for the J-Web component of Juniper's Junos OS by Lena David , Geoffrey Bertoli
2020
2020-11-10 | Centile Istra - SQL injection, Centile Istra - SQL injection by Thibault Guittet , Julien Clergue
2020-10-05 | SQL injection in LearnPress <= 3.2.7.2, Security advisory for LearnPress WordPress plugin. by Wilfried Bécard
2020-09-23 | Local Privilege Escalation in Fortinet SSL VPN for Linux, Security advisory for Fortinet SSL VPN for Linux by Thomas Chauchefoin
2020-08-26 | Insecure password reset in Sulu < 1.6.35, 2.0.10 & 2.1.1, Security advisory for Sulu framework by Julien Legras
2020-01-17 | MaarchCourrier 19.04, 18.10, 18.04, 17.06 OS Command injection, MaarchCourrier Security Advisory by Tawfik Bakache , Thomas Etrillard
2020-03-25 | Cisco Viptela vManage neo4j injection and stored XSS , CVE-2019-16010 and CVE-2019-16012 by Thomas Etrillard , Julien Legras
2020-04-09 | Android Monospace - Writing and Notes 2.6.3, Broken Encryption Feature by Lena David
2020-05-10 | Cisco SD WAN IOS XE routers command injection, CVE-2019-16011 by Thomas Etrillard , Julien Legras
2019
2019-01-30 | Multiple vulnerabilities in Jenkins Job Import <= 2.1 (vendor announcement), Security advisory by Thomas Chauchefoin , Julien Szlamowicz
2019-02-27 | Command Execution in elFinder's < 2.1.48 PHP connector (CVE-2019-9194), Security advisory by Thomas Chauchefoin
2019-03-01 | IPv6 fragmentation vulnerability in OpenBSD Packet Filter (CVE-2019-5597), Security advisory by Corentin Bayet , Nicolas Collignon , Luca Moro
2019-02-25 | Path traversal in BlueMind 4.0 < beta3 and 3.5.x < 3.5.11-7 (CVE-2019-9563), Security advisory by Damien Picard , Julien Szlamowicz
2019-03-11 | TIBCO JasperReports Server XML Entity Expansion Vulnerability (CVE-2019-8986), Security advisory by Sébastien Dudek , Julien Szlamowicz
2019-04-16 | Unsafe deserialization in Sitecore CMS leading to RCE (CVE-2019-9874 and CVE-2019-9875), Security advisory by Julien Legras , Adrien Peter
2019-04-23 | GLPI 9.4.0 Timing attack user enumeration (CVE-2019-10233), Security advisory by Damien Picard , Julien Szlamowicz
2019-04-23 | GLPI 9.4.0 FusionInventory plugin RCE (CVE-2019-10477), Security advisory by Damien Picard , Julien Szlamowicz
2019-04-23 | GLPI 9.4.0 Type juggling authentication bypass (CVE-2019-10231), Security advisory by Damien Picard , Julien Szlamowicz
2019-04-29 | Pre-authenticated SQL injection in GLPI <= 9.3.3 (CVE-2019-10232), Security advisory by Thomas Chauchefoin
2019-07-04 | Stored XSS in GLPI <= 9.4.2, CVE-2019-13239 by Julien Legras
2019-07-04 | Unsafe password reset in GLPI <= 9.4.0, CVE-2019-13240 by Julien Legras
2019-07-05 | Arbitrary File Disclosure in Ad Inserter (< 2.4.9), Security advisory by Wilfried Bécard
2019-01-18 | Livebox 3 - Weak password reset procedure, Security advisory by Gaetan Ferry , Julien Szlamowicz
2019-03-10 | Huawei ManageOne ServiceCenter ACL Bypass, Security advisory by Sébastien Dudek , Julien Legras
2019-04-11 | Local file disclosure in mysqljs package 2.17.1, Security advisory by Julien Legras
2018
2018-10-01 | Multiple vulnerabilities in Vectra Cognito: CVE-2018-14889, CVE-2018-14890 and CVE-2018-14891, Security advisory by Julien Egloff , Thibault Guittet
2018-10-16 | Critical vulnerabilities in PineApp Mail Secure 5.1, Security advisory by Thomas Chauchefoin , Gaetan Ferry
2018-04-05 | CVE-2018-9325 (CVE-2018-9326, CVE-2018-9327, CVE-2018-9845), Multiple arbitrary code execution and information leaks in the project Etherpad by Thomas Chauchefoin
2018-04-10 | Missing XML Validation vulnerability in SAP Control Center and SAP Cockpit Framework, SAP Patch by Thomas Chauchefoin , Sébastien Dudek
2018-04-23 | Cross-Site Scripting in Zend Server < 9.1.3 (CVE-2018-10230), Security advisory by Thomas Chauchefoin , Julien Egloff
2018-06-28 | SQL injection in FlySpray <= v1.0-rc6, Security advisory by Thomas Chauchefoin , Bastien Faure
2018-07-17 | Multiple buffer overflows in Visual TOM <= 5.7.4, Security advisory by Julien Egloff , Florian Guilbert
2018-08-24 | SQL injection in Image Intense, Security advisory by Thomas Chauchefoin , Julien Legras
2018-08-29 | Arbitrary code execution in Duplicator Pro < 1.2.42, Security advisory by Thomas Chauchefoin , Julien Legras
2018-09-14 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Shell Escape (CVE-2019-1591), Security advisory by Nicolas Biscos , Gaetan Ferry
2018-01-25 | Multiple vulnerabilities in WordPress Health Check & Troubleshooting, Security advisory by Julien Legras
2017
2017-06-23 | TSIG authentication bypass through signature forgery in Knot DNS, Security advisory by Clément Berthaux
2017-07-06 | TSIG authentication bypass through signature forgery in ISC BIND (CVE-2017-3143), Security advisory by Clément Berthaux
2017-07-06 | TSIG authentication bypass for zone transfer operations in ISC BIND (CVE-2017-3142), Security advisory by Clément Berthaux
2016
2016-03-16 | Multiple vulnerabilities in Citrix Provisioning Services (CVE-2016-9676, CVE-2016-9677, CVE-2016-9678, CVE-2016-9679, CVE-2016-9680), Security advisories by Fabien Perigaud
2016-03-09 | Sensitive information disclosure in the RESTX framework, Security advisory by Julien Legras
2016-02-01 | Multiple vulnerabilities in Oracle ECB and COM products (CVE-2016-3513, CVE-2016-3514, CVE-2016-3515 and CVE-2016-3516) (#1, #2, #3, #4), Security advisories by Nicolas Collignon , Sébastien Dudek
2016-09-12 | CVE-2016-1470 (CVE-2016-1471, CVE-2016-1472, CVE-2016-1473), Multiple vulnerabilities in Cisco Switch SG220 by Nicolas Collignon , Renaud Dubourguais
2015
2015-04-24 | Pre-authentication XXE vulnerability in the Services Drupal module, Security advisory by Renaud Dubourguais
2015-11-01 | Security Researcher Acknowledgments for Microsoft Online Services, Security advisory by Jan Kopec
2015-12-24 | CVE-2015-6409: Cisco Jabber STARTTLS Downgrade Vulnerability, Security advisory by Renaud Dubourguais , Sébastien Dudek
2014
2014-01-15 | Remote code execution in Cisco Jabber for Windows (CVE-2014-0666), Security advisory by Fabien Perigaud
2014-02-26 | Detection and exploitation of a race condition based arbitrary file upload leading to remote code execution (CVE-2014-2223), Security advisory by Bastien Faure
2014-03-01 | Privilege Escalation and Cross Site Scripting vulnerabilities in IBM InfoSphere Master Data Management Collaborative Edition (CVE-2014-8896, CVE-2014-8897, CVE-2014-8898, CVE-2014-8899), Security advisories by Jan Kopec
2014-01-14 | Discovery of a backdoor on Linksys routers, Description and PoC by Eloi Benoist-Vanderbeken
2014-03-01 | Discovery and patching of a Remote Code Execution in the WP-Filebase plugin, Security advisory by Samir Megueddem
2014-03-05 | Cross-Site Scripting in the Converse.js XMPP/Jabber client, Security advisory by Renaud Dubourguais
2014-04-16 | Arbitrary code execution to escape the Google App Engine Python sandbox, Security vulnerability by Nicolas Collignon
2014-04-18 | Reverse engineering of the Sercomm feature to reactivate the TCP/32764 backdoor on several routers (PoC), Security vulnerability by Eloi Benoist-Vanderbeken
2013
2013-12-10 | OWASP ESAPI library HMAC validation bypass, Security advisory by Renaud Dubourguais , Renaud Feil
2011
2011-10-01 | Discovery and patching of SQL injections in the WordPress wp-polls plugin, Security advisory by Renaud Feil
2010
2010-04-27 | MS10-025 Remote code execution in Microsoft Windows Media Services (CVE-2010-0478), Security advisory by Fabien Perigaud