The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco Unified Communications Manager: Cross Site Request Forgery of User WebDialer
An attacker can trigger a Cross Site Request Forgery in User WebDialer of Cisco Unified Communications Manager, in order to force the victim to perform operations...
Cisco Unified Communications Manager: information disclosure via Stack Trace
An attacker can trigger a Stack Trace of Cisco Unified Communications Manager, in order to obtain sensitive information...
TYPO3 Formhandler: multiple vulnerabilities
An attacker can use several vulnerabilities of TYPO3 Formhandler...
TYPO3 Front End User Registration: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of TYPO3 Front End User Registration, in order to execute JavaScript code in the context of the web site...
phpMyAdmin: Clickjacking
An attacker can include the phpMyAdmin site in a Frame, in order to force the victim to perform operations on the site...
Joomla: Cross Site Scripting of idna_convert
An attacker can trigger a Cross Site Scripting in idna_convert of Joomla, in order to execute JavaScript code in the context of the web site...
TYPO3 Extensions: multiple vulnerabilities
An attacker can use several vulnerabilities of TYPO3 extensions...
Samba: infinite loop of EA List
An attacker can generate an infinite loop in the EA List processing by Samba, in order to trigger a denial of service...
WordPress WPtouch: multiple vulnerabilities
An attacker can use several vulnerabilities of WPtouch for WordPress...
NetBSD: denial of service via tcpdrop
A local attacker can use the tcpdrop utility of NetBSD, in order to stop TCP sessions and trigger a denial of service...
Windows Phone: information disclosure via WiFi WPA2 PEAP-MS-CHAPv2
An attacker can create a fake WiFi WPA2 access point to obtain encrypted data, then decrypt the PEAP-MS-CHAPv2 algorithm, in order to obtain the victim's password and access sensitive information...
SSL, TLS: information disclosure via compression, BREACH
An attacker can use several SSL/TLS compressed sessions, in order to obtain sensitive information from the server...
Joomla: arbitrary file upload
An attacker can upload files of any type to Joomla, in order, for example, to execute them...
Joomla Cobalt: corrupting files
The Joomla Cobalt extension creates directories with permission 0777, so a local attacker can alter uploaded files...
WordPress SexyBookmarks: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in WordPress SexyBookmarks, in order to force the victim to perform operations...
strongSwan: denial of service via is_asn1
An attacker can send malicious XAuth/EAP/PEM data to strongSwan, in order to trigger a denial of service...
Symantec PGP/Encryption Desktop: privilege escalation via RDDService
A local attacker can store a malicious program in the PATH of RDDService of Symantec PGP/Encryption Desktop, in order to escalate his privileges...
OSPF: corrupting the routing database
An attacker can spoof OSPF messages, in order to corrupt the routing database...
Check Point R75.40VS: information disclosure via SecureXL
An attacker can capture SIP/MGCP packets when SecureXL is enabled on Check Point R75.40VS, in order to obtain sensitive information...
WordPress Comment Extra Fields: Cross Site Scripting of swfupload.swf
An attacker can trigger a Cross Site Scripting in swfupload.swf of WordPress Comment Extra Fields, in order to execute JavaScript code in the context of the web site...
Drupal Flippy: information disclosure
An attacker can bypass access restrictions of Drupal Flippy, in order to discover a protected document...
McAfee Email/Web Gateway, Web Security: multiple vulnerabilities of iDRAC, iLO and IPMI
An attacker can use several vulnerabilities of iDRAC, iLO and IPMI of McAfee Web Gateway, McAfee Email Gateway and McAfee Web Security appliances...
Siemens SIMATIC HMI: multiple vulnerabilities of WinCC TIA Portal
An attacker can use several vulnerabilities of WinCC TIA Portal of Siemens SIMATIC HMI...
Splunk: Clickjacking
An attacker can include the Splunk site in a Frame, in order to force the victim to perform operations on the site...
WordPress Better WP Security: Cross Site Scripting of logs
An attacker can trigger a Cross Site Scripting in WordPress Better WP Security, in order to execute JavaScript code in the context of the web site...
Perl Data-UUID: file corruption via UUID_STATE
A local attacker can create a symbolic link during the usage of the Perl Data::UUID module, in order to corrupt a file with the victim's privileges...
NetBSD: memory reading via netstat
A local attacker can use the netstat command of NetBSD, in order to obtain sensitive information from the kernel memory...
TYPO3: multiple vulnerabilities
An attacker can use several vulnerabilities of TYPO3...
HP SiteScope: code execution via SOAP
An attacker can use the SOAP feature of HP SiteScope, in order to execute code...
EMC NetWorker: information disclosure via nsradmin
An attacker can use the nsradmin utility of EMC NetWorker, in order to obtain sensitive information about the configuration...