The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress Blubrry PowerPress: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Blubrry PowerPress, in order to execute JavaScript code in the context of the web site...
VMware vSphere Data Protection: Man-in-the-Middle
An attacker can act as a Man-in-the-Middle of VMware vSphere Data Protection, in order to obtain or manipulate sensitive data...
WordPress Photo Gallery: SQL injection
An attacker can use a SQL injection of WordPress Photo Gallery, in order to read or alter data...
Linux kernel: use after free via SCTP INIT
An attacker can force the usage of a freed memory area via SCTP INIT packets sent to the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
Linux kernel: information disclosure via handle_to_path
A local attacker can read a memory fragment via a call to handle_to_path() on the Linux kernel, in order to obtain sensitive information...
Xen: denial of service via vgic ARM
A local attacker can use vgic of Xen, in order to trigger a denial of service on ARM...
glibc: use after free via getaddrinfo AI_IDN
An attacker can force the usage of a freed memory area in applications using getaddrinfo() of glibc, in order to trigger a denial of service, and possibly to execute code...
glibc: denial of service via getaddrinfo File Descriptors
An attacker can force an application using getaddrinfo() to resolve an address, so that data partially controlled by the attacker is written to a bad file descriptor, in order to trigger a denial of service or to write data on the file system...
Fortinet FortiOS: multiple vulnerabilities of CAPWAP
An attacker can use several vulnerabilities of CAPWAP of Fortinet FortiOS...
Fortinet FortiClient: two vulnerabilities
An attacker can use several vulnerabilities of Fortinet FortiClient...
Drupal Certify: information disclosure
An attacker can use Drupal Certify, in order to obtain sensitive information...
Drupal Node Invite: multiple vulnerabilities
An attacker can use several vulnerabilities of Drupal Node Invite...
Drupal GD Infinite Scroll: multiple vulnerabilities
An attacker can use several vulnerabilities of Drupal GD Infinite Scroll...
Drupal Amazon AWS: denial of service
An attacker can use Drupal Amazon AWS, in order to trigger a denial of service...
Asterisk: multiple vulnerabilities
An attacker can use several vulnerabilities of Asterisk...
Cisco Prime Service Catalog: external XML entity injection
An attacker can transmit malicious XML data to Cisco Prime Service Catalog, in order to read a file, scan sites, or trigger a denial of service...
WordPress Photo Gallery: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Photo Gallery, in order to execute JavaScript code in the context of the web site...
Puppet: information disclosure via puppetlabs-rabbitmq
An attacker can obtain the cookie of puppetlabs-rabbitmq of Puppet, in order to obtain sensitive information...
EMC Unisphere Central: multiple vulnerabilities
An attacker can use several vulnerabilities of EMC Unisphere Central...
FreeBSD: read-write access via SCTP Stream ID
A local attacker can use a large SCTP Stream ID on FreeBSD, in order to read or alter kernel memory data...
FreeBSD: unreachable memory reading via VT_WAITACTIVE
An attacker can force a read at an invalid address in VT_WAITACTIVE of FreeBSD, in order to trigger a denial of service...
FreeBSD: NULL pointer dereference via SCTP RE_CONFIG
An attacker can force a NULL pointer to be dereferenced via an SCTP RE_CONFIG packet sent to FreeBSD, in order to trigger a denial of service...
VMware ESXi, Player, Workstation: multiple vulnerabilities
An attacker can use several vulnerabilities of VMware ESXi, Player, Workstation...
ClamAV: multiple vulnerabilities
An attacker can use several vulnerabilities of ClamAV...
Adobe Flash Player: use after free
An attacker can force the usage of a freed memory area of Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code...
Joomla J-ClassifiedsManager: multiple vulnerabilities
An attacker can use several vulnerabilities of Joomla J-ClassifiedsManager...
Linux kernel: privilege escalation via KVM SYSENTER
A local attacker can use the SYSENTER instruction on KVM of the Linux kernel, in order to escalate privileges...
WordPress Geo Mashup: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Geo Mashup, in order to execute JavaScript code in the context of the web site...
glibc: buffer overflow of gethostbyname, GHOST
An attacker can, for example, send an email using a long IPv4 address to force the messaging server to resolve this address and generate a buffer overflow in gethostbyname() of glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable to a similar attack vector...

   
