History of vulnerabilities analyzed by Vigil@nce: VMware vCenter Server Appliance: privilege escalation via RVC An authenticated attacker can use the RVC of VMware vCenter Server Appliance, in order to escalate his privileges... WordPress Popup Images: Cross Site Scripting An attacker can trigger a Cross Site Scripting of WordPress Popup Images, in order to execute JavaScript code in the context of the web site... WordPress Participants Database: SQL injection An attacker can use a SQL injection of WordPress Participants Database, in order to read or alter data... F5 BIG-IP: Cross Site Scripting of list.jsp An attacker can trigger a Cross Site Scripting in list.jsp of F5 BIG-IP, in order to execute JavaScript code in the context of the web site... McAfee Email Gateway: information disclosure via Portscan An attacker can use a Portscan on McAfee Email Gateway, in order to obtain sensitive information... WordPress Digital Access Pass: Cross Site Scripting An attacker can trigger a Cross Site Scripting of WordPress Digital Access Pass, in order to execute JavaScript code in the context of the web site... VMware Workstation, Player, ESXi: privilege escalation via VMware Tools for Windows 8.1 A local attacker can use the VMware Tools for Windows 8.1 of VMware Workstation, Player, or ESXi, in order to escalate his privileges... GNU Libtasn1: multiple vulnerabilities An attacker can use several vulnerabilities of GNU Libtasn1... GnuTLS: memory corruption via ServerHello An attacker can generate a memory corruption via ServerHello of GnuTLS, in order to trigger a denial of service, and possibly to execute code... Linux kernel: denial of service via CONFIG_AUDITSYSCALL A local attacker can use a system call on a Linux kernel with CONFIG_AUDITSYSCALL, in order to trigger a denial of service... PHP: two vulnerabilities of fileinfo CDF An attacker can use several vulnerabilities of fileinfo of PHP... Windows: changing configuration via DHCP INFORM An attacker can reply to DHCP INFORM queries of Windows, in order to alter its configuration... Trend Micro InterScan Messaging Security Virtual Appliance: Cross Site Scripting An attacker can trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site... WordPress DZS Video Gallery: Cross Site Scripting An attacker can trigger a Cross Site Scripting of WordPress DZS Video Gallery, in order to execute JavaScript code in the context of the web site... Exim: code execution via EXPERIMENTAL_DMARC An attacker can send a malicious email to Exim compiled with EXPERIMENTAL_DMARC, in order to execute code... Drupal Webserver authentication: users creation An attacker can log in as a user created by Drupal Webserver authentication, in order to escalate his privileges... Splunk: Cross Site Scripting of Referer An attacker can trigger a Cross Site Scripting in the Referer processing by Splunk, in order to execute JavaScript code in the context of the web site... Samba: denial of service via DNS Reply An attacker can send a spoofed DNS packet coming from another Samba server, to generate a ping-pong between these two Samba servers, in order to trigger a denial of service... Samba: information disclosure via shadow_copy An attacker, who is authenticated on Samba with Shadow Copy, can use two queries, to read memory fragments, in order to obtain sensitive information... Citrix XenServer: denial of service via Ethernet An attacker can send a malicious Ethernet frame to Citrix XenServer Tools installed on Windows, in order to trigger a denial of service... Apache Tomcat: information disclosure via XML Parser An attacker, who is allowed to install a web application, can change the XML parser used by Apache Tomcat, in order to obtain sensitive information... Apache Tomcat: injecting HTTP headers An attacker can use a special HTTP Content-Length header, in order to desynchronize Apache Tomcat and its proxy, to bypass security features... Apache Tomcat: information disclosure via Directory Listing An attacker can provide an XSLT with an external XML entity, to manipulate data of a Directory Listing of Apache Tomcat, in order to obtain sensitive information... Apache Tomcat: denial of service via Chunked An attacker can send an HTTP Chunked header to Apache Tomcat, in order to trigger a denial of service... TYPO3 Grid Elements: Cross Site Scripting An attacker can trigger a Cross Site Scripting of TYPO3 Grid Elements, in order to execute JavaScript code in the context of the web site... WordPress World of Warcraft Armory Table: vulnerability A vulnerability of WordPress World of Warcraft Armory Table was announced... IBM Tivoli Storage Manager for Virtual Environments: information disclosure An attacker can use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information... Check Point Security Gateway: denial of service An attacker can send malicious packets to Check Point Security Gateway, in order to trigger a denial of service... IBM DB2: privilege escalation via acsX and db2iclean A local attacker can create a malicious library, which is loaded by acscim, acsnnas, acsnsan and db2iclean of BMC Patrol for AIX, in order to escalate his privileges... IBM DB2: privilege escalation via Stored Procedure A local attacker, with the CREATE_EXTERNAL_ROUTINE privilege, can create a Stored Procedure of IBM DB2, in order to escalate his privileges on Windows... Previous page Next pageDirect access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1049