The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress MainWP-Child: privilege escalation
An attacker can use WordPress MainWP-Child, in order to escalate his privileges...
WordPress Fraction: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Fraction, in order to force the victim to perform operations...
Xen: memory corruption via Segment Override
An attacker in a guest system can generate a memory corruption with a Segment Override of Xen, in order to trigger a denial of service, and possibly to execute code on the host system...
Xen: denial of service via PCI Command Register
An attacker in a guest system can change the PCI Command Register on Xen, in order to trigger a denial of service on the host system...
tcpdump: four vulnerabilities
An attacker can use several vulnerabilities of tcpdump...
DRAM: privilege escalation via Row Hammer
A local attacker can alter the content of DRAM memory, in order to corrupt data. If these data are located in a page used by a privileged process, this attack can lead to a privilege escalation...
HP Operations Manager i Management Pack for SAP: privilege escalation
An attacker authenticated as a SAP administrator can use HP Operations Manager i Management Pack for SAP, in order to escalate his privileges...
HP Operations Manager Smart Plugin for SAP: privilege escalation
An attacker authenticated as a SAP administrator can use HP Operations Manager Smart Plugin for SAP, in order to escalate his privileges...
pfSense: Cross Site Request Forgery of system_firmware_restorefullbackup.php
An attacker can trigger a Cross Site Request Forgery in system_firmware_restorefullbackup.php of pfSense, in order to force the victim to delete a file...
pfSense: Cross Site Scripting of WebGUI
An attacker can trigger a Cross Site Scripting in WebGUI of pfSense, in order to execute JavaScript code in the context of the web site...
Spring Framework: predictability of SockJS
An attacker can predict the session identifier of the SockJS client of Spring Framework, in order to inject messages in a session...
WordPress WPTouch: open redirect
An attacker can deceive the user of WordPress WPTouch, in order to redirect him to a malicious site...
WordPress Custom Community: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Custom Community, in order to execute JavaScript code in the context of the web site...
WordPress Wpshop eCommerce: file upload
An attacker can upload a malicious file on WordPress Wpshop eCommerce, in order for example to upload a Trojan...
WordPress Download Monitor: directory traversal
An attacker can traverse directories of WordPress Download Monitor, in order to list a directory outside the service root path...
WordPress FormGet Contact Form: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress FormGet Contact Form, in order to execute JavaScript code in the context of the web site...
WordPress Google Analytics by Yoast: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Google Analytics by Yoast, in order to execute JavaScript code in the context of the web site...
OpenSSL: NULL pointer dereference via X509_to_X509_REQ
An attacker can force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service...
OpenSSL: use after free via d2i_ECPrivateKey
An attacker can force the usage of a freed memory area in d2i_ECPrivateKey of OpenSSL, in order to trigger a denial of service, and possibly to execute code...
Varnish: buffer overflow of Content-Length
An attacker, who is located behind Varnish, can generate a buffer overflow via a Content-Length on Varnish, in order to trigger a denial of service, and possibly to execute code...
WordPress Daily Edition: two vulnerabilities
An attacker can use several vulnerabilities of WordPress Daily Edition...
WordPress Download Manager: privilege escalation via basic_settings
An attacker can use admin-ajax.php with WordPress Ya'aburnee, in order to escalate his privileges...
WordPress All In One WP Security & Firewall: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress All In One WP Security & Firewall, in order to force the victim to perform operations...
WordPress All In One WP Security & Firewall: SQL injection
An attacker can use a SQL injection of WordPress All In One WP Security & Firewall, in order to read or alter data...
Cisco IOS XE: adding entries via of ANI
An attacker can send ANI messages to Cisco IOS XE, in order to alter the configuration...
Cisco IOS, XE: denial of service via RADIUS
An attacker can send a malicious RADIUS packet to Cisco IOS, or IOS XE, in order to trigger a denial of service...
Cisco IOS XR: denial of service via SNMPv2
An attacker can send a malicious SNMPv2 packet to Cisco IOS XR, in order to trigger a denial of service...
Windows Schannel: weakening TLS encryption via FREAK
An attacker, located as a Man-in-the-Middle, can force the Windows Schannel client to accept a weak export algorithm, in order to more easily capture or alter exchanged data...
SIMATIC: code execution via a DLL
An attacker can create a malicious DLL, and store it in a directory and invite the victim to open a SIMATIC document from this directory, in order to execute code...
SIMATIC S7-300: denial of service via ISO-TSAP/Profibus
An attacker can send a malicious ISO-TSAP packet to SIMATIC S7-300, in order to trigger a denial of service...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 492 493 494 495 496 497 498 499 500 502 504 505 506 507 508 509 510 511 512 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1105