The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
VMware vCenter Server Appliance: privilege escalation via RVC
An authenticated attacker can use the RVC of VMware vCenter Server Appliance, in order to escalate his privileges...
WordPress Popup Images: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Popup Images, in order to execute JavaScript code in the context of the web site...
WordPress Participants Database: SQL injection
An attacker can use a SQL injection of WordPress Participants Database, in order to read or alter data...
F5 BIG-IP: Cross Site Scripting of list.jsp
An attacker can trigger a Cross Site Scripting in list.jsp of F5 BIG-IP, in order to execute JavaScript code in the context of the web site...
McAfee Email Gateway: information disclosure via Portscan
An attacker can use a Portscan on McAfee Email Gateway, in order to obtain sensitive information...
WordPress Digital Access Pass: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Digital Access Pass, in order to execute JavaScript code in the context of the web site...
VMware Workstation, Player, ESXi: privilege escalation via VMware Tools for Windows 8.1
A local attacker can use the VMware Tools for Windows 8.1 of VMware Workstation, Player, or ESXi, in order to escalate his privileges...
GNU Libtasn1: multiple vulnerabilities
An attacker can use several vulnerabilities of GNU Libtasn1...
GnuTLS: memory corruption via ServerHello
An attacker can generate a memory corruption via ServerHello of GnuTLS, in order to trigger a denial of service, and possibly to execute code...
Linux kernel: denial of service via CONFIG_AUDITSYSCALL
A local attacker can use a system call on a Linux kernel with CONFIG_AUDITSYSCALL, in order to trigger a denial of service...
PHP: two vulnerabilities of fileinfo CDF
An attacker can use several vulnerabilities of fileinfo of PHP...
Windows: changing configuration via DHCP INFORM
An attacker can reply to DHCP INFORM queries of Windows, in order to alter its configuration...
Trend Micro InterScan Messaging Security Virtual Appliance: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site...
WordPress DZS Video Gallery: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress DZS Video Gallery, in order to execute JavaScript code in the context of the web site...
Exim: code execution via EXPERIMENTAL_DMARC
An attacker can send a malicious email to Exim compiled with EXPERIMENTAL_DMARC, in order to execute code...
Drupal Webserver authentication: users creation
An attacker can log in as a user created by Drupal Webserver authentication, in order to escalate his privileges...
Splunk: Cross Site Scripting of Referer
An attacker can trigger a Cross Site Scripting in the Referer processing by Splunk, in order to execute JavaScript code in the context of the web site...
Samba: denial of service via DNS Reply
An attacker can send a spoofed DNS packet coming from another Samba server, to generate a ping-pong between these two Samba servers, in order to trigger a denial of service...
Samba: information disclosure via shadow_copy
An attacker, who is authenticated on Samba with Shadow Copy, can use two queries, to read memory fragments, in order to obtain sensitive information...
Citrix XenServer: denial of service via Ethernet
An attacker can send a malicious Ethernet frame to Citrix XenServer Tools installed on Windows, in order to trigger a denial of service...
Apache Tomcat: information disclosure via XML Parser
An attacker, who is allowed to install a web application, can change the XML parser used by Apache Tomcat, in order to obtain sensitive information...
Apache Tomcat: injecting HTTP headers
An attacker can use a special HTTP Content-Length header, in order to desynchronize Apache Tomcat and its proxy, to bypass security features...
Apache Tomcat: information disclosure via Directory Listing
An attacker can provide an XSLT with an external XML entity, to manipulate data of a Directory Listing of Apache Tomcat, in order to obtain sensitive information...
Apache Tomcat: denial of service via Chunked
An attacker can send an HTTP Chunked header to Apache Tomcat, in order to trigger a denial of service...
TYPO3 Grid Elements: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of TYPO3 Grid Elements, in order to execute JavaScript code in the context of the web site...
WordPress World of Warcraft Armory Table: vulnerability
A vulnerability of WordPress World of Warcraft Armory Table was announced...
IBM Tivoli Storage Manager for Virtual Environments: information disclosure
An attacker can use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information...
Check Point Security Gateway: denial of service
An attacker can send malicious packets to Check Point Security Gateway, in order to trigger a denial of service...
IBM DB2: privilege escalation via acsX and db2iclean
A local attacker can create a malicious library, which is loaded by acscim, acsnnas, acsnsan and db2iclean of BMC Patrol for AIX, in order to escalate his privileges...
IBM DB2: privilege escalation via Stored Procedure
A local attacker, with the CREATE_EXTERNAL_ROUTINE privilege, can create a Stored Procedure of IBM DB2, in order to escalate his privileges on Windows...

   
