The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Varnish HTTP Cache: weak access control
An attacker can access Varnish HTTP Cache, even if the server configuration states that his IP address should be blocked...
WordPress NextGEN Gallery: Cross Site Scripting of swfupload.swf
An attacker can trigger a Cross Site Scripting in swfupload.swf of WordPress NextGEN Gallery, in order to execute JavaScript code in the context of the web site...
WordPress: denial of service via class-phpass.php
An attacker can change the hash complexity of class-phpass.php of WordPress, in order to trigger a denial of service...
Cisco Access Control Server: privilege escalation via Report View
An attacker can access Report View of Cisco Access Control Server, in order to escalate his privileges...
Linux kernel: invalid memory access via KVM
An attacker located in a guest can manage the virtual memory map, in order to read or write the host kernel memory...
Linux kernel: denial of service via KVM Interrupts
An attacker located inside a KVM guest can access the virtual memory and manage guest interrupts, in order to trigger a denial of service...
WordPress Ambience: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in the WordPress Ambience theme, in order to execute JavaScript code in the context of the web site...
Debian: user access to mysql-server
A local attacker can read the file /etc/mysql/debian.cnf while the installation script of mysql-server of Debian is running, in order to get privileged access to the database server...
Linux kernel: multiple vulnerabilities of usb-audio
An attacker can use several vulnerabilities of usb-audio of the Linux kernel...
mesa: buffer overflow via shader
An attacker can generate a buffer overflow in the mesa library, in order to trigger a denial of service, and possibly to execute code...
Wireshark 1.6: multiple vulnerabilities of dissectors
An attacker can use several vulnerabilities of dissectors of Wireshark 1.6...
Wireshark 1.8: multiple vulnerabilities of dissectors
An attacker can use several vulnerabilities of dissectors of Wireshark 1.8...
AIX: privilege escalation via arp.ib
An attacker can use a vulnerability of arp.ib of AIX, in order to escalate his privileges...
AIX: privilege escalation via ibstat
A local attacker can use a vulnerability of the ibstat command of AIX, in order to escalate his privileges...
WordPress Uk Cookie: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in WordPress Uk Cookie, in order to force the victim to perform operations...
PHP: buffer overflow of quoted_printable_encode
An attacker can generate a buffer overflow in the quoted_printable_encode() function of PHP, in order to trigger a denial of service, and possibly to execute code...
WordPress Simple Paypal Shopping Cart: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in WordPress Simple Paypal Shopping Cart, in order to force the victim to perform operations...
Linux kernel: data modification via xen/blkback
When a device is mounted as read-only, an attacker located in a Xen guest system can alter or delete data...
Perl: code execution via Module-Signature
An attacker can create a malicious CPAN package containing a fake Digest module, to force the Module::Signature module to execute Perl code during the signature verification process...
Linux kernel: information disclosure via cdrom
A local attacker can use an invalid cdrom, in order to obtain a fragment of the kernel memory...
Drupal Services: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in the Drupal Services module, in order to force the victim to perform operations...
phpMyAdmin: Cross Site Scripting of Create View
An attacker can trigger a Cross Site Scripting in the Create View page of phpMyAdmin, in order to execute JavaScript code in the context of the web site...
Xen: privilege escalation via libelf
An attacker, who is an administrator in a PV/HVM kernel, can load a malicious kernel/firmware, to corrupt the memory of libelf of Xen, in order to escalate his privileges on the host system...
Dotclear: Cross Site Scripting of Admin
An attacker with administrator privileges can trigger a Cross Site Scripting in the administration interface of Dotclear, in order to execute JavaScript code in the context of the web site...
Linux kernel: multiple vulnerabilities of perf
Several vulnerabilities were announced in the perf interface of the Linux kernel, which is used to measure system performance...
Linux kernel: information disclosure via fanotify
When Filesystem Wide Access Notification is enabled, a local attacker can use read(), in order to obtain one byte of the kernel memory...
Linux kernel: information disclosure via Compaq Smart
When Compaq Smart is enabled, a local attacker can use two ioctls, in order to obtain fragments of the kernel memory...

   
