The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Joomla plg_codehighlight: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla plg_codehighlight, in order to execute JavaScript code in the context of the web site...
WordPress Premium Gallery Manager: file upload
An attacker can upload a malicious file on WordPress Premium Gallery Manager, in order for example to upload a Trojan...
McAfee NSM: decrypting via DUAL_EC_DRBG
An attacker can predict random numbers used by McAfee NSM, in order for example to decrypt data...
Zend Framework: privilege escalation via OpenID
An attacker can set up a malicious OpenID service, in order to spoof the identity of a Zend Framework user...
Zend Framework: external XML entity injection via PHP XML Functions
An attacker can transmit malicious XML data via PHP functions to Zend Framework, in order to read a file, scan sites, or trigger a denial of service...
AIX: read-write access via ftpd WPAR
An attacker can bypass access restrictions via ftpd on AIX WPAR, in order to read or alter data...
HP-UX: privilege escalation via m4
A local attacker can use m4 on HP-UX, in order to escalate his privileges...
WordPress Barclaycart: file upload
An attacker can upload a malicious file on WordPress Barclaycart, in order for example to upload a Trojan...
Net-SNMP: denial of service via AgentX
An attacker can send a special SNMP GET query to Net-SNMP, in order to trigger a denial of service in AgentX...
Drupal Mime Mail: directory traversal
An attacker can traverse directories of Drupal Mime Mail, in order to read a file outside the service root path...
Drupal Masquerade: privilege escalation
An attacker can use Drupal Masquerade, in order to escalate his privileges...
Drupal NewsFlash: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal NewsFlash, in order to execute JavaScript code in the context of the web site...
NetBSD: denial of service via posix_spawn
A local attacker can use posix_spawn(), in order to trigger a denial of service on the NetBSD kernel...
libssh, stunnel: shared random via fork
An attacker can use a libssh or stunnel process that has the same random values as another process, in order to possibly decrypt this session...
sudo: privilege escalation via env_reset
When env_reset is disabled, an attacker can use the LD_PRELOAD environment variable on the sudo command line, in order to escalate his privileges...
WordPress Relevanssi: SQL injection
An attacker can use a SQL injection of WordPress Relevanssi, in order to read or alter data...
Net-SNMP: denial of service via trap
An attacker can dereference a NULL pointer in snmptrapd of Net-SNMP, in order to trigger a denial of service...
HP SiteScope: command execution via loadFileContents
An attacker can call the loadFileContents function of HP SiteScope, in order to execute a command on the server...
Puppet Enterprise: multiple vulnerabilities
An attacker can use several vulnerabilities of Puppet Enterprise...
FFmpeg: several vulnerabilities
An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer...
WordPress Welcart e-Commerce: SQL injection
An attacker can use a SQL injection of WordPress Welcart e-Commerce, in order to read or alter data...
Joomla ActiveHelper LiveHelp: SQL injection
An attacker can use a SQL injection of Joomla ActiveHelper LiveHelp, in order to read or alter data...
Linux kernel: denial of service via keyring_detect_cycle_iterator
A local attacker can create two keyrings with the same name, to trigger a BUG_ON in keyring_detect_cycle_iterator(), in order to trigger a denial of service of the Linux kernel...
nginx: memory corruption via SPDY
An attacker can generate a memory corruption in the SPDY implementation of nginx, in order to trigger a denial of service, and possibly to execute code...
Linux kernel: NULL pointer dereference via COOKIE_ECHO
An attacker can dereference a NULL pointer via a COOKIE_ECHO, in order to trigger a denial of service of the Linux kernel...
Linux kernel: use after free via inet_frag_lru_add
An attacker can use a freed memory area in inet_frag_lru_add() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
Fine Free file: denial of service via PE
An attacker can invite the victim to analyze a malicious PE file with Fine Free file, in order to trigger a denial of service...
WordPress Google Analytics MU: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Google Analytics MU, in order to force the victim to perform operations...
WordPress thecotton: file upload
An attacker can upload a malicious file on WordPress thecotton, in order for example to upload a Trojan...

   
