History of vulnerabilities analyzed by Vigil@nce:

Linux kernel: use after free via ath_tx_aggr_sleep
An attacker can use a freed memory area in the ath_tx_aggr_sleep() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...

WordPress Js-Multi-Hotel: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Js-Multi-Hotel, in order to execute JavaScript code in the context of the web site...

WordPress GD Star Rating: SQL injection
An attacker can use a SQL injection of WordPress GD Star Rating, in order to read or alter data...

WordPress Ajax Pagination: directory traversal
An attacker can traverse directories of WordPress Ajax Pagination, in order to read a file outside the service root path...

WordPress WP HTML Sitemap: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress WP HTML Sitemap, in order to force the victim to perform operations...

Joomla Kunena: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to execute JavaScript code in the context of the web site...

RuggedCom ROS: denial of service via HTTP
An attacker can send HTTP queries to RuggedCom ROS, in order to trigger a denial of service...

Cisco IOS: denial of service via High Priority Queue
An attacker can send BFD (Bidirectional Forwarding Detection) or VSS (Virtual Switching Systems) packets, which use the High Priority Queue of Cisco IOS, in order to trigger a denial of service...

Cisco Prime Security Manager: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cisco Prime Security Manager, in order to execute JavaScript code in the context of the web site...

OpenBSD 5.5: memory corruption via ICMP Redirect
An attacker can send an ICMP Redirect packet to generate a memory corruption in OpenBSD, in order to trigger a denial of service, and possibly to execute code...

IBM Tivoli Storage Manager for Mail: mailbox disclosure
An attacker can request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information...

LibYAML: buffer overflow of yaml_parser_scan_uri_escapes
An attacker can generate a buffer overflow of LibYAML, in order to trigger a denial of service, and possibly to execute code...

Fine Free file: denial of service via awk BEGIN
An attacker can invite the victim to analyze a large file with Fine Free file, in order to trigger a denial of service during the AWK format detection...

Cisco IOS, IOS XE: denial of service via SIP
An attacker can send a malicious SIP message to Cisco IOS or IOS XE, in order to trigger a denial of service...

Cisco 7600 Series Route Switch Processor 720: denial of service via 10GE
An attacker can send a malicious IP packet to Cisco 7600 Series Route Switch Processor 720, in order to trigger a denial of service...

Cisco IOS: two vulnerabilities of NAT
An attacker can use several vulnerabilities of the Network Address Translation management by Cisco IOS...

Cisco IOS, IOS XE: memory leak via IPv6
An attacker can send a special IPv6 packet, to create a memory leak in IPv6 of Cisco IOS or IOS XE, in order to trigger a denial of service...

Cisco IOS: memory leak via SSL VPN
An attacker can create a memory leak in the SSL VPN feature of Cisco IOS, in order to trigger a denial of service...

Cisco IOS, IOS XE: denial of service via IKEv2
An attacker can send a malformed IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service...

OpenSSH: bypassing SSHFP via HostCertificate
An attacker can set up a malicious SSH server with HostCertificate, and invite an OpenSSH client to connect, without checking SSHFP...

RSA Authentication Manager: Cross Frame Scripting
An attacker can trigger a Cross Frame Scripting of RSA Authentication Manager, in order to execute JavaScript code in the context of the web site...

Splunk: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Splunk, in order to execute JavaScript code in the context of the web site...

eZ Publish BC Collected Information Export: information disclosure
An attacker can use eZ Publish BC Collected Information Export, in order to obtain sensitive information...

cURL: incorrect certificate check via SecureTransport/Darwinssl
An attacker can deceive Mac OS X or iOS cURL users with the SecureTransport/Darwinssl backend, in order to trigger a Man-in-the-Middle...

cURL: incorrect certificate check via IP Wildcard
An attacker can invite cURL users to connect to a malicious IP site, in order to trigger a Man-in-the-Middle...

cURL: re-use of non HTTP/FTP connection
In some cases, an application compiled with libcurl and not using HTTP/FTP can access data belonging to another user...

Xen: denial of service via HVMOP_set_mem_access
An attacker, located in a guest HVM system with qemu-dm, can call HVMOP_set_mem_access of Xen, in order to trigger a denial of service...

Firefox for Android: information disclosure via file
An attacker can use the "file:" protocol on Firefox for Android, in order to obtain sensitive information from victim's local files...

WordPress Felici: file upload
An attacker can upload a malicious file on WordPress Felici, in order for example to upload a Trojan...