The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
IBM SPSS Modeler: privilege escalation via Root GID
An attacker can use IBM SPSS Modeler, in order to escalate his privileges...
Cisco Unified Communications Manager: directory traversal of RTMT
An attacker can traverse directories in RTMT of Cisco Unified Communications Manager, in order to read or delete a file outside the service root path...
Cisco Unified Communications Manager: SQL injection of BulkViewFileContentsAction.java
An attacker can use a SQL injection in BulkViewFileContentsAction.java of Cisco Unified Communications Manager, in order to read or alter data...
WordPress Elegance: information disclosure
An attacker can read a file with WordPress Elegance, in order to obtain sensitive information...
WordPress Infocus: information disclosure
An attacker can read a file with WordPress Infocus, in order to obtain sensitive information...
WordPress Featured Comments: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Featured Comments, in order to force the victim to perform operations...
WordPress Member Approval: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery in WordPress Member Approval, in order to force the victim to perform operations...
Cisco AsyncOS: Cross Site Scripting of date_range
An attacker can trigger a Cross Site Scripting in date_range of Cisco AsyncOS, in order to execute JavaScript code in the context of the web site...
Linux kernel: information disclosure via media_enum_entities
A local attacker can use the ioctl of the media_enum_entities() function of the Linux kernel, in order to read memory fragments, which may contain sensitive information...
Zend Framework: data injection via zf-apigility
An attacker can inject invalid data via zf-apigility of Zend Framework, in order to alter the service behavior...
Linux kernel: privilege escalation via futex
An attacker can use a futex on the Linux kernel, in order to escalate his privileges...
OpenSSL: denial of service via ECDH
An attacker, who is located on a TLS server, can use Anonymous ECDH, in order to trigger a denial of service in OpenSSL client applications...
OpenSSL: buffer overflow of DTLS
An attacker can generate a buffer overflow via DTLS of OpenSSL, in order to trigger a denial of service, and possibly to execute code...
OpenSSL: denial of service via DTLS Recursion
An attacker, who is located on a DTLS server, can use a malicious handshake, in order to trigger a denial of service in OpenSSL client applications...
OpenSSL: man in the middle via ChangeCipherSpec
An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data...
PHP: file corruption via configure
A local attacker can create a symbolic link named /tmp/phpglibccheck, in order to alter the pointed file, with privileges of the configure script of PHP...
Xen: write access on ARM
A local attacker can bypass access restrictions on ARM in Xen, in order to alter data of another guest system...
Joomla AllVideos: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla AllVideos, in order to execute JavaScript code in the context of the web site...
FreeBSD: denial of service via execve
A local attacker can use execve() from a multi-threaded process on FreeBSD, in order to trigger a denial of service...
FreeBSD: information disclosure via ktrace
An attacker can use the ktrace() function of FreeBSD, in order to obtain sensitive information...
OpenPAM: bypassing policy
When the OpenPAM configuration is invalid, a local attacker can bypass authentication restrictions...
Joomla JW player: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla JW player, in order to execute JavaScript code in the context of the web site...
Xen: NULL pointer dereference via HVMOP_inject_msi
An attacker in an HVM guest system can dereference a NULL pointer in HVMOP_inject_msi of Xen, in order to trigger a denial of service of the host system...
TYPO3 news: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of TYPO3 news, in order to execute JavaScript code in the context of the web site...
WordPress Query Interface: SQL injection
An attacker can use a SQL injection of WordPress Query Interface, in order to read or alter data...
WordPress Contextual Related Posts: SQL injection
An attacker can use a SQL injection of WordPress Contextual Related Posts, in order to read or alter data...
Horde: bypassing authentication of Horde_Ldap
An attacker can use the Horde_Ldap binding name and an empty password, in order to authenticate on Horde applications...
Linux kernel: denial of service via Hugepage Migration
An attacker can migrate huge pages of the Linux kernel, in order to trigger a denial of service...

   
