The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
MongoDB: denial of service via BSON
An attacker can send malformed BSON data to MongoDB, in order to trigger a denial of service...
WordPress Ya'aburnee: privilege escalation via ec_ajax
An attacker can use admin-ajax.php with WordPress Ya'aburnee, in order to escalate his privileges...
WordPress Dignitas: privilege escalation via ec_ajax
An attacker can use admin-ajax.php with WordPress Dignitas, in order to escalate his privileges...
WordPress Contact Form DB: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Contact Form DB, in order to force the victim to perform operations...
Cisco Secure ACS: privilege escalation via Tomcat
An authenticated attacker can use the Tomcat administration interface of Cisco Secure ACS, in order to escalate his privileges...
Cisco IOS XR: denial of service via RSVP
An attacker can send a malicious RSVP packet to Cisco IOS XR, in order to trigger a denial of service...
F5 BIG-IP: buffer overflow of MCPQ
An attacker, authenticated as an administrator, can generate a buffer overflow in MCPQ of F5 BIG-IP, in order to trigger a denial of service, and possibly to execute code...
Xen: information disclosure via HYPERVISOR_xen_version
A local attacker can read a memory fragment via HYPERVISOR_xen_version() of Xen, in order to obtain sensitive information...
Xen: information disclosure via handle_xyz_io
A local attacker can read a memory fragment via the handle_xyz_io functions of Xen, in order to obtain sensitive information...
Wireshark 1.10: three vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.10...
Wireshark 1.12: six vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.12...
VLC: buffer overflow of mpgatofixed32.c
An attacker can generate a buffer overflow in mpgatofixed32.c of VLC, in order to trigger a denial of service, and possibly to execute code...
phpMyAdmin: information disclosure via BREACH
An attacker can use the BREACH attack on phpMyAdmin, in order to obtain a cookie to perform operations on the service...
Drupal Webform: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Webform, in order to execute JavaScript code in the context of the web site...
Drupal Commerce Ogone: bypassing payment
An attacker can bypass the process of Drupal Commerce Ogone, in order to deceive the seller...
Drupal Simple Subscription: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Simple Subscription, in order to execute JavaScript code in the context of the web site...
Drupal Mover: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Mover, in order to execute JavaScript code in the context of the web site...
Drupal Campaign Monitor: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of Drupal Campaign Monitor, in order to force the victim to perform operations...
Drupal Trick Question: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Trick Question, in order to execute JavaScript code in the context of the web site...
Drupal Finder: open redirect
An attacker can deceive the user of Drupal Finder, in order to redirect him to a malicious site...
Drupal Taxonomy Accordion: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Taxonomy Accordion, in order to execute JavaScript code in the context of the web site...
Drupal Registration codes: two vulnerabilities
An attacker can use several vulnerabilities of Drupal Registration codes...
Drupal Ubercart Discount Coupons: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Ubercart Discount Coupons, in order to execute JavaScript code in the context of the web site...
Drupal Tracking Code: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of Drupal Tracking Code, in order to force the victim to perform operations...
WordPress Max Banner Ads: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Max Banner Ads, in order to execute JavaScript code in the context of the web site...
WordPress Newsletter: open redirect
An attacker can deceive the user of WordPress Newsletter, in order to redirect him to a malicious site...
Apache httpd mod_lua: denial of service via WebSocket PING
An attacker can send a malicious PING message to Apache httpd using mod_lua with a WebSocket, in order to trigger a denial of service...
OpenSSL, LibreSSL, Mono, JSSE: weakening TLS encryption via FREAK
An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibreSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data...
JSSE, CyaSSL, Mono, OpenSSL: clear text session via SKIP-TLS
An attacker, who has a TLS server, can force the JSSE, CyaSSL, Mono or OpenSSL client/server to use a clear text session, in order to allow a third party to capture or alter exchanged data...

   
