The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Linux kernel: use after free via ath_tx_aggr_sleep
An attacker can use a freed memory area in the ath_tx_aggr_sleep() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
WordPress Js-Multi-Hotel: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Js-Multi-Hotel, in order to execute JavaScript code in the context of the web site...
WordPress GD Star Rating: SQL injection
An attacker can use a SQL injection of WordPress GD Star Rating, in order to read or alter data...
WordPress Ajax Pagination: directory traversal
An attacker can traverse directories of WordPress Ajax Pagination, in order to read a file outside the service root path...
WordPress WP HTML Sitemap: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress WP HTML Sitemap, in order to force the victim to perform operations...
Joomla Kunena: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to execute JavaScript code in the context of the web site...
RuggedCom ROS: denial of service via HTTP
An attacker can send HTTP queries to RuggedCom ROS, in order to trigger a denial of service...
Cisco IOS: denial of service via High Priority Queue
An attacker can send BFD (Bidirectional Forwarding Detection) or VSS (Virtual Switching Systems) packets, which use the High Priority Queue of Cisco IOS, in order to trigger a denial of service...
Cisco Prime Security Manager: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cisco Prime Security Manager, in order to execute JavaScript code in the context of the web site...
OpenBSD 5.5: memory corruption via ICMP Redirect
An attacker can send an ICMP Redirect packet to generate a memory corruption in OpenBSD, in order to trigger a denial of service, and possibly to execute code...
IBM Tivoli Storage Manager for Mail: mailbox disclosure
An attacker can request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information...
LibYAML: buffer overflow of yaml_parser_scan_uri_escapes
An attacker can generate a buffer overflow of LibYAML, in order to trigger a denial of service, and possibly to execute code...
Fine Free file: denial of service via awk BEGIN
An attacker can invite the victim to analyze a large file with Fine Free file, in order to trigger a denial of service during the AWK format detection...
Cisco IOS, IOS XE: denial of service via SIP
An attacker can send a malicious SIP message to Cisco IOS or IOS XE, in order to trigger a denial of service...
Cisco 7600 Series Route Switch Processor 720: denial of service via 10GE
An attacker can send a malicious IP packet to Cisco 7600 Series Route Switch Processor 720, in order to trigger a denial of service...
Cisco IOS: two vulnerabilities of NAT
An attacker can use several vulnerabilities of the Network Address Translation management by Cisco IOS...
Cisco IOS, IOS XE: memory leak via IPv6
An attacker can send a special IPv6 packet, to create a memory leak in IPv6 of Cisco IOS or IOS XE, in order to trigger a denial of service...
Cisco IOS: memory leak via SSL VPN
An attacker can create a memory leak in the SSL VPN feature of Cisco IOS, in order to trigger a denial of service...
Cisco IOS, IOS XE: denial of service via IKEv2
An attacker can send a malformed IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service...
OpenSSH: bypassing SSHFP via HostCertificate
An attacker can set up a malicious SSH server with HostCertificate, and invite an OpenSSH client to connect, without checking SSHFP...
RSA Authentication Manager: Cross Frame Scripting
An attacker can trigger a Cross Frame Scripting of RSA Authentication Manager, in order to execute JavaScript code in the context of the web site...
Splunk: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Splunk, in order to execute JavaScript code in the context of the web site...
eZ Publish BC Collected Information Export: information disclosure
An attacker can use eZ Publish BC Collected Information Export, in order to obtain sensitive information...
cURL: incorrect certificate check via SecureTransport/Darwinssl
An attacker can deceive Mac OS X or iOS cURL users with the SecureTransport/Darwinssl backend, in order to trigger a Man-in-the-Middle...
cURL: incorrect certificate check via IP Wildcard
An attacker can invite cURL users to connect to a malicious IP site, in order to trigger a Man-in-the-Middle...
cURL: re-use of non HTTP/FTP connection
In some cases, an application compiled with libcurl and not using HTTP/FTP can access data belonging to another user...
Xen: denial of service via HVMOP_set_mem_access
An attacker, located in a guest HVM system with qemu-dm, can call HVMOP_set_mem_access of Xen, in order to trigger a denial of service...
Firefox for Android: information disclosure via file
An attacker can use the "file:" protocol on Firefox for Android, in order to obtain sensitive information from victim's local files...
WordPress Felici: file upload
An attacker can upload a malicious file on WordPress Felici, in order for example to upload a Trojan...

   
