The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
1 Linux kernel: denial of service via SCTP cookies
An attacker can make the kernel code that manages SCTP cookies dereference a NULL pointer, in order to trigger a denial of service...
3 WordPress: multiple vulnerabilities of Slash WP theme
An attacker can use several vulnerabilities of the Slash WP theme for WordPress...
1 Linux kernel: privilege escalation via fwpostfix
An attacker can pass a malicious value to the parameter fwpostfix of the Linux kernel module b43, in order to escalate his privileges...
3 Puppet: code injection via YAML
An attacker can send a YAML message including Ruby code to a Puppet server, in order to make the server run the code...
3 Drupal: two vulnerabilities of Login Security
An attacker can use several vulnerabilities of Login Security of Drupal...
1 Gnome Shell: privilege escalation via session locking
An attacker can trigger an error in Gnome Shell, in order to unlock a Gnome session and get the access rights of the logged-in user...
3 Symantec Endpoint Protection Manager: buffer overflow of secars.dll
An attacker can generate a buffer overflow in secars.dll of Symantec Endpoint Protection Manager, in order to trigger a denial of service, and possibly to execute code...
3 Oracle JRE, JDK, JavaFX: multiple vulnerabilities
An attacker can use several vulnerabilities of Oracle JRE, JDK, JavaFX...
2 IBM WebSphere AS 8.5: multiple vulnerabilities
An attacker can use several vulnerabilities of IBM WebSphere AS 8.5...
2 Cisco Prime Central: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Cisco Prime Central, in order to execute JavaScript code in the context of the web site...
3 Cisco ASA-CX: denial of service via TCP
An attacker can send specially crafted TCP packets to a node running Cisco ASA-CX, in order to trigger a denial of service...
2 OTRS: privilege escalation via tickets watching
An attacker can submit a specially crafted URL to the ticket watching module of OTRS, in order to read data that their access rights should not allow them to read...
2 WordPress Ultimate Auction Plugin: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in WordPress Ultimate Auction Plugin, in order to force the victim to perform operations...
2 FreeBSD: memory corruption via mmap and ptrace
When a process uses mmap(), an attacker can use ptrace() to modify data or even code within the traced process...
2 IBM WebSphere AS: privilege escalation via OAuth
An attacker can spoof the identity of a user of IBM WebSphere AS using OAuth, in order to escalate his privileges...
2 FortiGate: privilege escalation
An attacker can use the Guest account of FortiGate, in order to read and modify data related to other users...
3 Siemens: multiple vulnerabilities of SIMATIC
An attacker can use several vulnerabilities of SIMATIC from Siemens...
2 Mozilla Firefox, MS Internet Explorer: denial of service via JavaScript loops
An attacker can use an endless recursive call chain in JavaScript with Mozilla Firefox, MS Internet Explorer, in order to trigger a denial of service...
2 CheckPoint Security Gateway: information disclosure via VoIP
When SecureXL is enabled on caller side, an attacker can capture VoIP communications of CheckPoint Security Gateway, in order to obtain sensitive information...
2 IBM WebSphere MQ: privilege escalation via CHLAUTH
When access rules are defined via CHLAUTH, an attacker can connect to IBM WebSphere MQ, in order to escalate his privileges...
2 Juniper SA, UAC: site spoofing via Trusted Server CA Root
An attacker, who has access to the development certification authority of Juniper, can create a fake site, which is not detected by Junos Pulse Secure Access Service (SSL VPN) nor Junos Pulse Access Control Service (UAC)...
2 IBM Notes: privilege escalation via ntmulti.exe
A local attacker can use the IBM Notes Multi User Profile Cleanup feature, in order to execute code with privileges of the next user...
1 IBM Notes: password reading in memory
A local attacker, who can access the memory of processes, can read recently used passwords...
1 dbus: denial of service via _dbus_printf_string_upper_bound
An attacker can send messages to be processed by _dbus_printf_string_upper_bound of dbus, in order to trigger a denial of service...
2 WordPress NextGEN Gallery: file upload without authentication
An unauthenticated attacker can directly call the upload script of WordPress NextGEN Gallery, in order to upload a file to the server...
2 Drupal Display Suite: Cross Site Scripting of Entity Bundle Labels
An attacker can trigger a Cross Site Scripting in Entity Bundle Labels of Drupal Display Suite, in order to execute JavaScript code in the context of the web site...
2 WordPress Mail Subscribe List: Cross Site Scripting of sml_name
An attacker can trigger a Cross Site Scripting in sml_name of WordPress Mail Subscribe List, in order to execute JavaScript code in the context of the web site...
2 OpenBSD 5.3: two vulnerabilities of vio driver
An attacker can use several vulnerabilities of vio driver of OpenBSD 5.3...
2 OpenBSD 5.3: use after free in tftpd
An attacker can use a freed memory area in tftpd of OpenBSD 5.3, in order to trigger a denial of service, and possibly to execute code...
1 XDM: denial of service via crypt
An attacker can attempt to login with XDM using crypt(), in order to trigger a denial of service...

   
