The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress Banner Effect Header: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Banner Effect Header, in order to execute JavaScript code in the context of the web site...
Xen: use after free via hvm_domain_initialise
An attacker, who is located in a privileged domain, can force the usage of a freed memory area in hvm_domain_initialise() of Xen, in order to trigger a denial of service, and possibly to execute code...
D-Bus: privilege escalation via Midgard2
A local attacker can manipulate the Midgard2 application using D-Bus, in order to escalate his privileges...
WordPress Email: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Email, in order to execute JavaScript code in the context of the web site...
WordPress Email newsletter: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Email newsletter, in order to execute JavaScript code in the context of the web site...
WordPress sumome: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress sumome, in order to execute JavaScript code in the context of the web site...
WordPress WP-EMail: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress WP-EMail, in order to execute JavaScript code in the context of the web site...
WordPress SEO Friendly Images: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress SEO Friendly Images, in order to execute JavaScript code in the context of the web site...
WordPress Relevanssi: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Relevanssi, in order to execute JavaScript code in the context of the web site...
strongSwan: invalid pointer dereference via IKEv2_SA_INIT
An unauthenticated attacker can force an invalid pointer to be dereferenced via an IKEv2_SA_INIT message sent to strongSwan, in order to trigger a denial of service...
Emacs: information disclosure via left-click
An attacker can receive data that were read by the victim with Emacs, in order to obtain sensitive information...
Webmin: file reading via Mailbox
A local attacker can create a symbolic link on his Mailbox, in order to read the pointed file, with privileges of Webmin...
WordPress Cart66 Pro: directory traversal
An attacker can traverse directories of WordPress Cart66 Pro, in order to read a file outside the service root path...
WordPress Cart66 Lite: SQL injection
An attacker can use a SQL injection of WordPress Cart66 Lite, in order to read or alter data...
GnuPG: use after free
An attacker can force the usage of a freed memory area of GnuPG, in order to trigger a denial of service, and possibly to execute code...
F5 BIG-IP ASM: Cross Site Scripting of pl_tree.php
An attacker can trigger a Cross Site Scripting in pl_tree.php of F5 BIG-IP ASM, in order to execute JavaScript code in the context of the web site...
Linux kernel: buffer overflow of batman-adv
An attacker can generate a buffer overflow in the batman-adv module of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
Windows: privilege escalation via NtApphelpCacheControl
A local attacker can call NtApphelpCacheControl() of Windows, in order to escalate his privileges...
PHP: unreachable memory reading via php-cgi
An attacker can force a read at an invalid address in php-cgi of PHP, in order to trigger a denial of service...
WordPress Sell Downloads: directory traversal
An attacker can traverse directories of WordPress Sell Downloads, in order to read a file outside the service root path...
WordPress DukaPress: directory traversal
An attacker can traverse directories of WordPress DukaPress, in order to read a file outside the service root path...
Joomla Sbahjaoui Contact: SQL injection
An attacker can use a SQL injection of Joomla Sbahjaoui Contact, in order to read or alter data...
WordPress DMSGuestbook: file writing
An attacker can bypass access restrictions of WordPress DMSGuestbook, in order to alter data...
Fine Free file: use after free via apprentice_load
An attacker can invite the victim to analyze a malicious file with Fine Free file, to force the usage of a freed memory area in the apprentice_load() function of libmagic, in order to trigger a denial of service, and possibly to execute code...
Apache httpd mod_lua: privilege escalation via LuaAuthzProvider
When mod_lua is installed on Apache httpd, with LuaAuthzProvider used several times, an attacker can escalate his privileges depending on the order of lines...
PHP: use after free via zend_ts_hash_graceful_destroy
An attacker can force the usage of a freed memory area in the zend_ts_hash_graceful_destroy() function of PHP, in order to trigger a denial of service, and possibly to execute code...
OpenSSL: NULL pointer dereference via ssl23_get_client_hello
An attacker can force a NULL pointer to be dereferenced in ssl23_get_client_hello() of OpenSSL, in order to trigger a denial of service...
WordPress WP Symposium: multiple vulnerabilities
An attacker can use several vulnerabilities of WordPress WP Symposium...
libsndfile: unreachable memory reading via sd2_parse_rsrc_fork
An attacker can force a read at an invalid address in sd2_parse_rsrc_fork() of libsndfile, in order to trigger a denial of service...

   
