The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
FortiGate: Cross Site Request Forgery of System-Settings and Firewall-Policies
An attacker can trigger a Cross Site Request Forgery in System-Settings and Firewall-Policies of FortiGate, in order to force the victim to perform operations...
WordPress Xorbin Digital Flash Clock: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in WordPress Xorbin Digital Flash Clock, in order to execute JavaScript code in the context of the web site...
WordPress Xorbin Analog Flash Clock: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in WordPress Xorbin Analog Flash Clock, in order to execute JavaScript code in the context of the web site...
Joomla Xorbin Analog Flash Clock: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Joomla Xorbin Analog Flash Clock, in order to execute JavaScript code in the context of the web site...
Cisco IronPort: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in Cisco IronPort appliances, in order to force the victim to perform operations...
RHEL: denial of service via IP_REPOPTS
An attacker can submit datagrams with IP_REPOPTS options to the kernel of RHEL, in order to trigger a denial of service...
IBM WebSphere MQ: buffer overflow of mqm
An attacker can generate a buffer overflow in mqm of IBM WebSphere MQ, in order to trigger a denial of service, and possibly to execute code...
HP Switch, Router: information disclosure and code execution
An attacker can send specially crafted data to an HP switch or router, in order to obtain sensitive information or to make the node execute code...
phpMyAdmin: Configuration change via import function
An authenticated attacker can use the import function of phpMyAdmin in order to overwrite some global variables, and so change the application configuration...
Alcatel-Lucent OmniTouch My Teamwork: Cross Site Scripting of the URL /ics?action=signin
An attacker can trigger a Cross Site Scripting with the URL /ics?action=signin of Alcatel-Lucent OmniTouch My Teamwork, in order to execute JavaScript code in the context of the web site...
WordPress plugins: SQL injection of WP Private Messages
An attacker can use a SQL injection in WP Private Messages of WordPress plugins, in order to read or alter data...
EMC Avamar: privilege escalation via Client
An attacker can use the temporary files left by the EMC Avamar client, in order to get sensitive information or escalate his privileges...
Ruby: bypassing of server host name check in X.509 certificates
An attacker can send an X.509 certificate containing a null byte to a client written in Ruby in order to spoof another server...
Nagios: unauthorized access to the service monitor Web interface
An attacker can access more information pages about monitored services than specified in the Nagios configuration...
Cisco Prime Central for Hosted Collaboration Solution: information disclosure about the filesystem
An attacker can send specially crafted HTTP requests to Cisco Prime Central for Hosted Collaboration Solution, in order to obtain information about the filenames and directory names of the host...
Cisco Unified Communications Manager: Cross Site Request Forgery of Unified Serviceability
An attacker can trigger a Cross Site Request Forgery in Unified Serviceability of Cisco Unified Communications Manager, in order to force the victim to perform operations...
Drupal: Cross Site Scripting of Display Suite
An attacker can trigger a Cross Site Scripting in Display Suite of Drupal, in order to execute JavaScript code in the context of the web site...
Drupal: access rights bypass in Fast Permissions Administration
An attacker can access a permission definition form in Fast Permissions Administration of Drupal, in order to escalate his privileges...
Cisco ASA: denial of service via NGFW
An attacker can send unauthorized fragmented packets to a node running Cisco ASA with the NGFW module, in order to trigger a denial of service...
Xen: denial of service via the paging management
An attacker can raise a fatal exception in the page table management of Xen, in order to trigger a denial of service...
WordPress: multiple vulnerabilities
An attacker can use several vulnerabilities of WordPress...
Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities
An attacker can use several vulnerabilities of Firefox, Thunderbird...
IBM WebSphere AS 7.0: multiple vulnerabilities
An attacker can use several vulnerabilities of IBM WebSphere AS 7.0...
Drupal: five vulnerabilities of core
An attacker can use five vulnerabilities of the Drupal core...
WordPress Plugins: Cross Site Request Forgery of WP Maintenance Mode
An attacker can trigger a Cross Site Request Forgery in the plugin WP Maintenance Mode for WordPress, in order to force the victim to perform operations...
VLC: multiple vulnerabilities
An attacker can use several vulnerabilities of VLC...
WordPress Stream Video Player Plugin: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in the plugin Stream Video Player for WordPress, in order to force the victim to perform operations...
Xen: privilege escalation via libxenlight
An attacker can hijack the pseudo files of XenStore managed by libxenlight of Xen, in order to escalate his privileges...
curl: buffer overflow of curl_easy_unescape
An attacker can generate a buffer overflow in curl_easy_unescape of curl, in order to trigger a denial of service, and possibly to execute code...

   
