The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress Ajax Store Locator: directory traversal
An attacker can traverse directories of WordPress Ajax Store Locator, in order to read a file outside the service root path...
Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS
An attacker, positioned as a Man-in-the-Middle, can decrypt a terminating TLS session, in order to obtain sensitive information...
ISC BIND: denial of service via GeoIP
An attacker can force an assertion error in GeoIP of ISC BIND, in order to trigger a denial of service...
ISC BIND: infinite loop of Delegation
An attacker, who owns a malicious DNS server and who invites a client of BIND to query this server, can generate an infinite loop in the delegation processing of ISC BIND, in order to trigger a denial of service...
WebSphere AS 8.5: multiple vulnerabilities
An attacker can use several vulnerabilities of IBM WebSphere AS 8.5...
Xen: denial of service via p2m
An attacker, who is administrator in a guest system, can forbid Xen from writing, in order to trigger a denial of service...
WordPress jRSS Widget: information disclosure
An attacker can use WordPress jRSS Widget, in order to obtain sensitive information...
Joomla failedloginattempts: information disclosure
An attacker can use Joomla failedloginattempts, in order to obtain sensitive information...
Sendmail: privilege escalation via File Descriptors
A local attacker can access file descriptors left open by Sendmail, in order to escalate his privileges...
Internet Explorer: use after free via display run-in
An attacker can force the usage of a freed memory area via display:run-in on Internet Explorer, in order to trigger a denial of service, and possibly to execute code...
Linux kernel: bypassing ASLR via offset2lib
An attacker, who knows only one memory address, can obtain the libc address, in order to exploit a vulnerability using the ROP (Return Oriented Programming) technique...
OpenBSD: denial of service via PIPEX
An attacker can send a malicious PIPEX packet to OpenBSD, in order to trigger a denial of service...
VMware vCenter Server: invalid certificate check
An attacker can act as a Man-in-the-Middle of VMware vCenter Server, in order to obtain or alter information about the CIM service...
VMware vCenter Server Appliance: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of VMware vCenter Server Appliance, in order to execute JavaScript code in the context of the web site...
JasPer: two vulnerabilities of jpc_dec.c
An attacker can use several vulnerabilities of JasPer...
QEMU: memory corruption via cirrus
An attacker who is privileged in the guest system can generate a memory corruption in the host system via cirrus of QEMU, in order to trigger a denial of service, and possibly to execute code...
WordPress Cart66 Lite: SQL injection
An attacker can use a SQL injection of WordPress Cart66 Lite, in order to read or alter data...
procmail: buffer overflow of getlline
A local attacker can edit his ~/.procmailrc file, to generate a buffer overflow in the getlline() function of procmail, in order to trigger a denial of service, and possibly to execute code...
Drupal Webform Invitation: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Webform Invitation, in order to execute JavaScript code in the context of the web site...
Drupal Hierarchical Select: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Hierarchical Select, in order to execute JavaScript code in the context of the web site...
phpMyAdmin: two vulnerabilities
An attacker can use several vulnerabilities of phpMyAdmin...
WordPress Google Analytics by Yoast: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Google Analytics by Yoast, in order to execute JavaScript code in the context of the web site...
WordPress Nextend Facebook Connect: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Nextend Facebook Connect, in order to execute JavaScript code in the context of the web site...
F5 BIG-IP ASM: Cross Site Scripting of pl_tree.php
An attacker can trigger a Cross Site Scripting in pl_tree.php of F5 BIG-IP ASM, in order to execute JavaScript code in the context of the web site...
WordPress CM Download Manager: two vulnerabilities
An attacker can use several vulnerabilities of WordPress CM Download Manager...
Adobe Acrobat, Reader: file creation via MoveFileEx
An attacker can use MoveFileEx on Adobe Acrobat or Reader, in order to store a malicious program on the victim's computer...
OpenVPN: denial of service via tls-authenticated
An authenticated attacker can send a malicious message in tls-authenticated mode of OpenVPN, in order to trigger a denial of service...

   
