The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco AsyncOS: privilege escalation via Microsoft AD
When Cisco AsyncOS is configured with Microsoft Active Directory, an attacker can escalate his privileges...
Oracle JavaMail: injection of SMTP header via setSubject
An attacker who is allowed to choose the subject of an email can use a line feed to force the setSubject() method of Oracle JavaMail to inject a new SMTP header...
WordPress cnhk-slideshow: file upload
An attacker can upload a malicious file to WordPress cnhk-slideshow, in order, for example, to upload a Trojan...
Joomla EasyBlog: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla EasyBlog, in order to execute JavaScript code in the context of the web site...
Cisco IOS XE: denial of service via SNMP Polling
An authenticated attacker can send SNMP Polling queries to Cisco IOS XE, in order to trigger a denial of service...
Dotclear: three vulnerabilities
An attacker can use several vulnerabilities of Dotclear...
Cisco NX-OS: directory traversal via the CLI
An authenticated attacker can traverse directories in the CLI of Cisco NX-OS, in order to read a file outside the service root path...
Nagios Plugins: information disclosure via check_dhcp
An attacker can use check_dhcp of Nagios Plugins to read a file in INI format, in order to obtain sensitive information...
Cisco IOS, IOS XE: denial of service via LISP
An attacker can send malicious LISP (Locator/ID Separation Protocol) messages to Cisco IOS or IOS XE, to disable Cisco Express Forwarding, in order to trigger a denial of service...
Cisco IOS: denial of service via ScanSafe HTTPS
An attacker can send malicious HTTPS packets to Cisco IOS with ScanSafe, in order to trigger a denial of service...
Windows: weakness of Microsoft Update Client communications
An attacker can potentially capture messages of Microsoft Update Client of Windows...
Drupal Field API Tab Editor: read-write access
An attacker can bypass access restrictions of Drupal Field API Tab Editor, in order to alter data...
Drupal AddressField Tokens: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal AddressField Tokens, in order to execute JavaScript code in the context of the web site...
Drupal Commerce Postfinance ePayment: buying without paying
An attacker can order on a site with Drupal Commerce Postfinance ePayment, in order to buy without paying...
Drupal Realname Registration: information disclosure
An attacker can use Drupal Realname Registration, in order to obtain sensitive information...
Juniper Space: code execution
A remote attacker can connect to Juniper Space when the firewall is disabled, in order to execute privileged code...
Juniper NSM: code execution via XDB
A remote attacker can use XDB of Juniper NSM, in order to execute privileged code...
Linux kernel: NULL pointer dereference via futex_wait_requeue_pi
An attacker can dereference a NULL pointer in the futex_wait_requeue_pi() function of the Linux kernel, in order to trigger a denial of service...
WordPress Formidable Forms: file upload
An attacker can upload a malicious file to WordPress Formidable Forms, in order, for example, to upload a Trojan...
Magento Enterprise Edition: multiple vulnerabilities
An attacker can use several vulnerabilities of Magento Enterprise Edition...
Xen: information disclosure via ARM Kernel
An attacker who is allowed to alter the kernel of an ARM guest can read a fragment of Xen memory, in order to obtain sensitive information...
Internet Explorer: two vulnerabilities
An attacker can use several vulnerabilities of Internet Explorer...
Windows: denial of service via iSCSI
An attacker can send numerous iSCSI packets to Windows, in order to trigger a denial of service...
Windows: privilege escalation via ShellExecute
A local attacker can use ShellExecute, in order to escalate his privileges on Windows...
Microsoft .NET: memory corruption via TypeFilterLevel
An unauthenticated attacker can generate a memory corruption via Microsoft .NET Remoting, in order to trigger a denial of service, and possibly to execute code...
Windows: privilege escalation via Group Policy Preferences
An authenticated attacker can obtain passwords distributed by the Group Policy Preferences of Windows, in order to escalate his privileges...
Microsoft Office: bypassing ASLR via MSCOMCTL
An attacker can obtain memory addresses, to bypass ASLR, in order to facilitate the development of an attack tool...
Microsoft Office: two vulnerabilities
An attacker can use several vulnerabilities of Microsoft Office...
Microsoft SharePoint: multiple vulnerabilities
An attacker can use several vulnerabilities of Microsoft SharePoint...

   
