The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
PHP: use after free via SPL ArrayIterator
A local attacker can use a freed memory area in SPL ArrayIterator of PHP, in order to trigger a denial of service, and possibly to execute code...
Symfony: four vulnerabilities
An attacker can use several vulnerabilities of Symfony...
Splunk Enterprise: Cross Site Scripting of Referer Header
An attacker can trigger a Cross Site Scripting in Referer Header of Splunk Enterprise, in order to execute JavaScript code in the context of the web site...
WordPress EWWW Image Optimizer: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress EWWW Image Optimizer, in order to execute JavaScript code in the context of the web site...
WordPress All In One WP Security: SQL injection
An attacker can use a SQL injection of WordPress All In One WP Security, in order to read or alter data...
formail: buffer overflow via quote
An attacker can generate a buffer overflow of formail with a quote, in order to trigger a denial of service, and possibly to execute code...
WordPress Advanced Access Manager: file upload
An attacker can upload a malicious file via WordPress Advanced Access Manager, in order, for example, to upload a Trojan...
Drupal Avatar Uploader: information disclosure
An attacker can use Drupal Avatar Uploader, in order to obtain sensitive information...
GnuPG: key detection by chassis voltage
An attacker who is located near a computer performing RSA operations with GnuPG on chosen messages can measure this computer's chassis voltage, in order to guess a 4096-bit RSA key in one hour...
WordPress WP Photo Album Plus: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress WP Photo Album Plus, in order to execute JavaScript code in the context of the web site...
WordPress Contact Form: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Contact Form, in order to force the victim to perform operations...
WordPress Ready Coming Soon: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Ready Coming Soon, in order to force the victim to perform operations...
WordPress Ready Google Maps: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Ready Google Maps, in order to force the victim to perform operations...
WordPress Ready Ecommerce: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Ready Ecommerce, in order to force the victim to perform operations...
WordPress WP RSS Multi Importer: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress WP RSS Multi Importer, in order to force the victim to perform operations...
WordPress Easy Media Gallery: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Easy Media Gallery, in order to force the victim to perform operations...
WordPress Huge-IT Image Gallery: SQL injection
An attacker can use a SQL injection of WordPress Huge-IT Image Gallery, in order to read or alter data...
WordPress NativeChurch: information disclosure via download.php
An attacker can use download.php of WordPress NativeChurch, in order to obtain sensitive information...
Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities
An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey...
TYPO3 Extensions: multiple vulnerabilities
An attacker can use several vulnerabilities of TYPO3 extensions...
Linux kernel: denial of service via kvm_iommu_put_pages
A privileged attacker in a guest system can force a memory leak in the kvm_iommu_put_pages() function of the Linux kernel, in order to trigger a denial of service of the host system...
dhcpcd: denial of service via DHO_OPTIONSOVERLOADED
An attacker, who owns a DHCP server, can use the DHO_OPTIONSOVERLOADED option twice, in order to trigger a denial of service in dhcpcd...
WordPress CuckooTap Theme and eShop: information disclosure via admin-ajax.php
An attacker can use admin-ajax.php of WordPress CuckooTap Theme and eShop, in order to obtain sensitive information...
glibc: denial of service via iconv and IBM93x
An attacker can provide special IBM933, IBM935, IBM937, IBM939 or IBM1364 data to an application linked to glibc and using iconv(), in order to trigger a denial of service...
glibc: denial of service via iconv and IBM930
An attacker can provide special IBM930 data to an application linked to glibc and using iconv(), in order to trigger a denial of service...
Sophos Disk Encryption: disk access after sleep mode
An attacker can wake up a sleeping computer with no authentication, in order to read or alter disk data, even if Sophos Disk Encryption is used...

   
