History of vulnerabilities analyzed by Vigil@nce:

MongoDB: denial of service via BSON
An attacker can send malformed BSON data to MongoDB, in order to trigger a denial of service...

WordPress Ya'aburnee: privilege escalation via ec_ajax
An attacker can use admin-ajax.php with WordPress Ya'aburnee, in order to escalate his privileges...

WordPress Dignitas: privilege escalation via ec_ajax
An attacker can use admin-ajax.php with WordPress Dignitas, in order to escalate his privileges...

WordPress Contact Form DB: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Contact Form DB, in order to force the victim to perform operations...

Cisco Secure ACS: privilege escalation via Tomcat
An authenticated attacker can use the Tomcat administration interface of Cisco Secure ACS, in order to escalate his privileges...

Cisco IOS XR: denial of service via RSVP
An attacker can send a malicious RSVP packet to Cisco IOS XR, in order to trigger a denial of service...

F5 BIG-IP: buffer overflow of MCPQ
An attacker, authenticated as an administrator, can generate a buffer overflow in MCPQ of F5 BIG-IP, in order to trigger a denial of service, and possibly to execute code...

Xen: information disclosure via HYPERVISOR_xen_version
A local attacker can read a memory fragment via HYPERVISOR_xen_version() of Xen, in order to obtain sensitive information...

Xen: information disclosure via handle_xyz_io
A local attacker can read a memory fragment via the handle_xyz_io functions of Xen, in order to obtain sensitive information...

Wireshark 1.10: three vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.10...

Wireshark 1.12: six vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.12...

VLC: buffer overflow of mpgatofixed32.c
An attacker can generate a buffer overflow in mpgatofixed32.c of VLC, in order to trigger a denial of service, and possibly to execute code...

phpMyAdmin: information disclosure via BREACH
An attacker can use the BREACH attack on phpMyAdmin, in order to obtain a cookie to perform operations on the service...

Drupal Webform: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Webform, in order to execute JavaScript code in the context of the web site...

Drupal Commerce Ogone: bypassing payment
An attacker can bypass the process of Drupal Commerce Ogone, in order to deceive the seller...

Drupal Simple Subscription: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Simple Subscription, in order to execute JavaScript code in the context of the web site...

Drupal Mover: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Mover, in order to execute JavaScript code in the context of the web site...

Drupal Campaign Monitor: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of Drupal Campaign Monitor, in order to force the victim to perform operations...

Drupal Trick Question: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Trick Question, in order to execute JavaScript code in the context of the web site...

Drupal Finder: open redirect
An attacker can deceive the user of Drupal Finder, in order to redirect him to a malicious site...

Drupal Taxonomy Accordion: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Taxonomy Accordion, in order to execute JavaScript code in the context of the web site...

Drupal Registration codes: two vulnerabilities
An attacker can use several vulnerabilities of Drupal Registration codes...

Drupal Ubercart Discount Coupons: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Ubercart Discount Coupons, in order to execute JavaScript code in the context of the web site...

Drupal Tracking Code: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of Drupal Tracking Code, in order to force the victim to perform operations...

WordPress Max Banner Ads: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Max Banner Ads, in order to execute JavaScript code in the context of the web site...

WordPress Newsletter: open redirect
An attacker can deceive the user of WordPress Newsletter, in order to redirect him to a malicious site...

Apache httpd mod_lua: denial of service via WebSocket PING
An attacker can send a malicious PING message to Apache httpd using mod_lua with a WebSocket, in order to trigger a denial of service...

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK
An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data...

JSSE, CyaSSL, Mono, OpenSSL: clear text session via SKIP-TLS
An attacker, who has a TLS server, can force the JSSE, CyaSSL, Mono or OpenSSL client/server to use a clear text session, in order to allow a third party to capture or alter exchanged data...