The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Linux kernel: information disclosure via llc2_timeout_table
A local attacker can read a memory fragment from llc2_timeout_table of the Linux kernel, in order to obtain sensitive information...
Apache mod_gnutls: client certificate not checked
An attacker can use any X.509 certificate if the GnuTLSClientVerify directive of mod_gnutls is not located in the directory, in order to access resources requiring a valid client certificate...
WordPress Easy Social Icons: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Easy Social Icons, in order to execute JavaScript code in the context of the web site...
WordPress WooCommerce: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress WooCommerce, in order to execute JavaScript code in the context of the web site...
e2fsprogs: buffer overflow via ext2fs_flush2
An attacker can generate a buffer overflow in e2fsprogs, in order to trigger a denial of service, and possibly to execute code...
Cisco IOS XR: denial of service via IPv6
An attacker can send a malicious IPv6 packet to Cisco IOS XR, in order to trigger a denial of service...
WordPress Huge IT Slider: SQL injection
An attacker can use a SQL injection of WordPress Huge IT Slider, in order to read or alter data...
Cisco WSA: bypassing HTTP Proxy
An unauthenticated attacker can send a malicious HTTP query to Cisco WSA, in order to send traffic which should be blocked...
NSS: useless warnings
Applications linked to NSS can display useless warning messages, so users get used to ignoring messages...
ImageMagick: four vulnerabilities
An attacker can use several vulnerabilities of ImageMagick...
FreeType: multiple vulnerabilities
An attacker can use several vulnerabilities of FreeType...
WordPress Store Locator: SQL injection
An attacker can use a SQL injection of WordPress Store Locator, in order to read or alter data...
WordPress WonderPlugin Audio Player: two vulnerabilities
An attacker can use several vulnerabilities of WordPress WonderPlugin Audio Player...
WordPress Duplicator: information disclosure
An attacker can use WordPress Duplicator, in order to obtain sensitive information...
TYPO3 Core: bypassing authentication of rsaauth
An attacker can use the rsaauth extension of TYPO3 Core, in order to authenticate on a restricted frontend area...
Cisco Web Security Appliance: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cisco Web Security Appliance, in order to execute JavaScript code in the context of the web site...
Drupal Services Basic Authentication: information disclosure
An authenticated attacker can use Drupal RESTful Web Services, in order to obtain sensitive information...
Drupal RESTful Web Services: information disclosure
An authenticated attacker can use Drupal RESTful Web Services, in order to obtain sensitive information...
Drupal Term Queue: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Term Queue, in order to execute JavaScript code in the context of the web site...
Drupal Navigate: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Navigate, in order to execute JavaScript code in the context of the web site...
Drupal Avatar Uploader: file upload
An attacker can upload a malicious file to Drupal Avatar Uploader, in order, for example, to upload a Trojan...
Drupal Panopoly Magic: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Panopoly Magic, in order to execute JavaScript code in the context of the web site...
Zend Framework: SQL injection of PostgreSQL Zend\Db
An attacker can use a SQL injection in PostgreSQL Zend\Db of Zend Framework, in order to read or alter data...
Squid cache: three vulnerabilities
An attacker can use several vulnerabilities of Squid cache...
BIND: denial of service via DNSSEC Trust Anchor
An attacker can invite BIND to perform a DNSSEC validation, in order to trigger a denial of service...
Linux kernel: weakness of ASLR via mmap_rnd
An attacker can use a weakness of ASLR of the Linux kernel, in order to more easily guess a memory address...
FFmpeg: unreachable memory reading via mjpegdec.c
An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg, in order to trigger a denial of service...
JDOM: two vulnerabilities
An attacker can use several vulnerabilities of JDOM...
Linux kernel: buffer overflow of ecryptfs_decode_from_filename
An attacker can generate a buffer overflow in the ecryptfs_decode_from_filename() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
UnZip: buffer overflow of charset_to_intern
An attacker can generate a buffer overflow in the charset_to_intern() function of UnZip, in order to trigger a denial of service, and possibly to execute code...

   
