The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Chrome...
WordPress Google Captcha reCAPTCHA: privilege escalation
An attacker can use WordPress Google Captcha reCAPTCHA, in order to escalate his privileges...
WordPress Captcha: privilege escalation
An attacker can use WordPress Captcha, in order to escalate his privileges...
WordPress Gravity Forms: file upload
An attacker can upload a malicious file on WordPress Gravity Forms, in order for example to upload a Trojan...
WordPress EZ Portfolio: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress EZ Portfolio, in order to execute JavaScript code in the context of the web site...
WordPress Photocrati Theme: SQL injection
An attacker can use a SQL injection of WordPress Photocrati Theme, in order to read or alter data...
WordPress Calculated Fields Form: SQL injection
An attacker can use a SQL injection of WordPress Calculated Fields Form, in order to read or alter data...
Windows: privilege escalation via NVIDIA Display Driver
A local attacker can use an NVIDIA Display Driver on Windows, in order to escalate his privileges...
Zope: Cross Site Scripting of Products.PluggableAuthService
An attacker can trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site...
WebSphere MQ 8.0: two vulnerabilities
An attacker can use several vulnerabilities of WebSphere MQ...
Bouncy Castle: vulnerability of CTR DRBG
An attacker can predict randoms generated by the CTR DRBG of Bouncy Castle...
Word: memory corruption via Line Formatting
An attacker can generate a memory corruption of Word, in order to trigger a denial of service, and possibly to execute code...
WordPress IP Blacklist Cloud: SQL injection
An attacker can use a SQL injection of WordPress IP Blacklist Cloud, in order to read or alter data...
PuTTY: reading keys from memory
An attacker, who can read the PuTTY process memory, can read private keys of PuTTY users, in order to escalate his privileges...
GnuPG: key detection by LLC cache
An attacker, who is located in a virtual machine of a computer performing operations with GnuPG on chosen messages, can analyze the LLC of this computer, in order to guess a decryption key...
GnuPG: key detection by radio listening
An attacker, who is located near a computer performing Elgamal operations with GnuPG on chosen messages, can listen radio signals from this computer, in order to guess a decryption key...
PuTTY: DH exponent not checked
An attacker can use a special DH exponent during the session establishment with PuTTY, in order to lower the security level of the session...
WordPress WPBook: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress WPBook, in order to force the victim to perform operations...
WordPress WP Media Cleaner: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress WP Media Cleaner, in order to execute JavaScript code in the context of the web site...
Linux kernel: spoofing Netlink messages
A local attacker can send a fake Netlink message, in order to deceive an application...
Cisco IOS, IOS-XE: denial of service via IPv6 Router Solicitation
An attacker can send an IPv6 Router Solicitation packet to Cisco IOS or IOS-XE during a state change, in order to trigger a denial of service...
Cisco IOS: privilege escalation via Authentication Proxy
An attacker can use the Authentication Proxy feature of Cisco IOS, and hope that the AAA server returns an unknown code, in order to escalate his privileges...
Cisco Prime LMS: Cross Site Scripting of Common Services Help Page
An attacker can trigger a Cross Site Scripting in Common Services Help Page of Cisco Prime LMS, in order to execute JavaScript code in the context of the web site...
eCryptfs: unsalted key
An attacker can more easily perform a brute force attack on keys used by eCryptfs, in order to access to encrypted data...
glibc: unreachable memory reading via fnmatch
An attacker can force a read at an invalid address in fnmatch() of the glibc, in order to trigger a denial of service...
WordPress WP All Import: privilege escalation via PMXI_Controller_Admin
An attacker can use PMXI_Controller_Admin of WordPress WP All Import, in order to escalate his privileges...
WordPress Shopping Cart: privilege escalation via ec_ajax
An attacker can use admin-ajax.php with WordPress Shopping Cart, in order to escalate his privileges...
Cisco ESA, SMA, WSA: Cross Site Scripting of uploader.swf
An attacker can trigger a Cross Site Scripting in uploader.swf of Cisco ESA, SMA, WSA, in order to execute JavaScript code in the context of the web site...
glibc: buffer overflow of scanf
An attacker can generate a buffer overflow in scanf() functions of the glibc, in order to trigger a denial of service, and possibly to execute code...
OpenSAML Java: invalid trust by MetadataPKIX
An attacker with a certificate provided by one of the Trust Anchors indicated in shibmd:KeyAuthority can impersonate the identity of an entity, in order to escalate his privileges on an application using OpenSAML Java...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 490 491 492 493 494 495 496 497 498 500 502 503 504 505 506 507 508 509 510 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1103