The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability announce 19337

WordPress Stop User Enumeration: security improvement

Synthesis of the vulnerability

The security of WordPress Stop User Enumeration was improved.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/04/2016.
Identifiers: VIGILANCE-VUL-19337.

Description of the vulnerability

The Stop User Enumeration plugin can be installed on WordPress.

However, users can still be enumerated.

The security of WordPress Stop User Enumeration was therefore improved.

computer vulnerability alert 19336

Joomla Image Upload: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file through Joomla Image Upload, for example to upload a Trojan.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 11/04/2016.
Identifiers: VIGILANCE-VUL-19336.

Description of the vulnerability

The Image Upload extension can be installed on Joomla.

It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded to the server and then executed.

An attacker can therefore upload a malicious file through Joomla Image Upload, for example to upload a Trojan.

computer vulnerability 19335

WordPress Product Options for WooCommerce: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file through WordPress Product Options for WooCommerce, for example to upload a Trojan.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 11/04/2016.
Identifiers: VIGILANCE-VUL-19335.

Description of the vulnerability

The Product Options for WooCommerce plugin can be installed on WordPress.

It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded to the server and then executed.

An attacker can therefore upload a malicious file through WordPress Product Options for WooCommerce, for example to upload a Trojan.

vulnerability note CVE-2016-3076

Python Pillow: integer overflow of Jpeg2KEncode.c

Synthesis of the vulnerability

An attacker can generate an integer overflow in Jpeg2KEncode.c of Python Pillow, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/04/2016.
Identifiers: CVE-2016-3076, FEDORA-2016-35700c5956, FEDORA-2016-6ad4474058, VIGILANCE-VUL-19334.

Description of the vulnerability

An attacker can generate an integer overflow in Jpeg2KEncode.c of Python Pillow, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2015-8106

LaTeX2rtf: memory corruption via CmdKeywords

Synthesis of the vulnerability

An attacker can generate a memory corruption in CmdKeywords of LaTeX2rtf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/04/2016.
Identifiers: CVE-2015-8106, FEDORA-2016-246417376c, FEDORA-2016-b9368247d4, VIGILANCE-VUL-19333.

Description of the vulnerability

An attacker can generate a memory corruption in CmdKeywords of LaTeX2rtf, in order to trigger a denial of service, and possibly to run code.

vulnerability announce 19332

EncFS: vulnerability

Synthesis of the vulnerability

A vulnerability of EncFS was announced.
Impacted products: Fedora.
Severity: 1/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 11/04/2016.
Identifiers: FEDORA-2016-858277b967, FEDORA-2016-f61f02e9e2, VIGILANCE-VUL-19332.

Description of the vulnerability

A vulnerability of EncFS was announced.

vulnerability alert CVE-2016-2184 CVE-2016-2185 CVE-2016-2186

Linux kernel: five vulnerabilities of USB Device Descriptor

Synthesis of the vulnerability

Several vulnerabilities were announced in the Linux kernel.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: physical access.
Number of vulnerabilities in this bulletin: 5.
Creation date: 11/04/2016.
Identifiers: CERTFR-2016-AVI-156, CERTFR-2016-AVI-159, CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CERTFR-2016-AVI-267, CERTFR-2017-AVI-034, CERTFR-2017-AVI-282, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-2188, DLA-516-1, DLA-922-1, DSA-3607-1, FEDORA-2016-7e602c0e5e, FEDORA-2016-ed5110c4bb, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:1382-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, SUSE-SU-2016:1019-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1707-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:2245-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:2342-1, USN-2965-1, USN-2965-2, USN-2965-3, USN-2965-4, USN-2968-1, USN-2968-2, USN-2969-1, USN-2970-1, USN-2971-1, USN-2971-2, USN-2971-3, USN-2989-1, USN-2996-1, USN-2997-1, USN-2998-1, USN-3000-1, USN-3001-1, USN-3002-1, USN-3003-1, USN-3004-1, USN-3005-1, USN-3006-1, USN-3007-1, VIGILANCE-VUL-19331.

Description of the vulnerability

Several vulnerabilities were announced in the Linux kernel.

An attacker can force a NULL pointer to be dereferenced in powermate, in order to trigger a denial of service. [severity:1/4; CVE-2016-2186]

An attacker can force a NULL pointer to be dereferenced in gtco, in order to trigger a denial of service. [severity:1/4; CVE-2016-2187]

An attacker can force a NULL pointer to be dereferenced in iowarrior, in order to trigger a denial of service. [severity:1/4; CVE-2016-2188]

An attacker can force a NULL pointer to be dereferenced in snd_usb_audio, in order to trigger a denial of service. [severity:1/4; CVE-2016-2184]

An attacker can force a NULL pointer to be dereferenced in ati_remote2, in order to trigger a denial of service. [severity:1/4; CVE-2016-2185]

vulnerability CVE-2016-3686

F5 BIG-IP: SessionID disclosure in the URL

Synthesis of the vulnerability

An attacker can read URLs used after a redirection by F5 BIG-IP, in order to obtain the session cookie, and possibly to access the service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: intranet server.
Creation date: 11/04/2016.
Identifiers: CERTFR-2016-AVI-118, CVE-2016-3686, SOL82679059, VIGILANCE-VUL-19330.

Description of the vulnerability

The F5 BIG-IP product uses a session cookie which can be stored in the F5SSO_SID or F5Networks-SSO-Resp variables.

However, after a redirection, this session cookie is added to the URL. An attacker who reads this value can then access the service.

An attacker can therefore read URLs used after a redirection by F5 BIG-IP, in order to obtain the session cookie, and possibly to access the service.

computer vulnerability bulletin 19328

WordPress Multiple Meta Box: SQL injection of multi_metabox_listing

Synthesis of the vulnerability

An attacker can use a SQL injection in the multi_metabox_listing parameter of WordPress Multiple Meta Box, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 08/04/2016.
Identifiers: VIGILANCE-VUL-19328.

Description of the vulnerability

The WordPress Multiple Meta Box product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in the multi_metabox_listing parameter of WordPress Multiple Meta Box, in order to read or alter data.

computer vulnerability announce 19327

Joomla User Group FTW For Hikashop: vulnerability

Synthesis of the vulnerability

A vulnerability of Joomla User Group FTW For Hikashop was announced.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 08/04/2016.
Identifiers: VIGILANCE-VUL-19327.

Description of the vulnerability

A vulnerability of Joomla User Group FTW For Hikashop was announced.
