The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
libgd, PHP: unreachable memory reading via gd_gif_in.c
An attacker can force a read at an invalid address in gd_gif_in.c of libgd or PHP, in order to trigger a denial of service...
GnuTLS: incoherence of signature algorithms
An attacker can use an incoherent X.509 certificate with an application linked with GnuTLS, in order to weaken the security level...
GnuTLS: forgery of RSA PKCS #1 signature
An attacker can for example use MD5 to sign RSA PKCS #1 data of an application linked to GnuTLS, in order to more easily create a forged signature...
Qt: denial of service via BMP
An attacker can invite the user of a Qt application to use a malicious BMP image, in order to trigger a denial of service...
Cisco IP Phone: interacting with phone
A remote attacker can send a malicious XML query to Cisco Small Business SPA 300 and 500, in order to listen to an audio stream, or to make phone calls...
Varnish: cache poisoning via CR
An attacker can use special HTTP headers with Varnish, in order to read or alter cache data...
WordPress WP Marketplace: two vulnerabilities
An attacker can use several vulnerabilities of WordPress WP Marketplace...
WordPress Photo Gallery: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Photo Gallery, in order to execute JavaScript code in the context of the web site...
WordPress Ajax Search Lite/Pro: code execution via wpdreams-ajaxinput
An attacker can use WordPress Ajax Search Lite/Pro, in order to execute code...
Cisco IOS: denial of service via ANI
An attacker can send ANI messages to Cisco IOS XE, in order to alter the configuration, to trigger a denial of service...
WordPress AB Google Map Travel: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress AB Google Map Travel, in order to execute JavaScript code in the context of the web site...
PHP: four vulnerabilities
An attacker can use several vulnerabilities of PHP...
Firefox, SeaMonkey: read-write access via JIT
An attacker can bypass access restrictions of JIT in Firefox or SeaMonkey, in order to read or alter the memory, to execute code...
Firefox, SeaMonkey: privilege escalation via SVG Navigation
An attacker can use the SVG Navigation feature of Firefox or SeaMonkey, in order to escalate his privileges...
NetBSD: two vulnerabilities of COMPAT_
An attacker can use several vulnerabilities of compatibility layers of NetBSD...
WordPress All-in-One WP Migration: read access
An attacker can bypass access restrictions of WordPress All-in-One WP Migration, in order to read data...
Shibboleth Service Provider: unreachable memory reading via SAML
An authenticated attacker can force a read at an invalid address via SAML of Shibboleth Service Provider, in order to trigger a denial of service...
Apache Xerces-C++: unreachable memory reading via XMLReader.cpp
An attacker can force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service...
Aruba Remote Access Point: privilege escalation via RAP Console
A local attacker can use the console of Aruba Remote Access Point, in order to escalate his privileges...
OpenSSL 0.9/1.0.0/1.0.1: five vulnerabilities
An attacker can use several vulnerabilities of OpenSSL 0.9/1.0.0/1.0.1...
OpenSSL 1.0.2: nine vulnerabilities
An attacker can use several vulnerabilities of OpenSSL 1.0.2...
Cisco Content Services Switch: privilege escalation via SSH Forwarding
An attacker can use the SSH Forwarding of Cisco Content Services Switch, in order to escalate his privileges...
Cisco AnyConnect Secure Mobility Client: buffer overflow of IPC
A local attacker can generate a buffer overflow in an IPC of Cisco AnyConnect Secure Mobility Client, in order to trigger a denial of service, and possibly to execute code...
Drupal Profile2 Privacy: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Profile2 Privacy, in order to execute JavaScript code in the context of the web site...
Drupal Chaos tool suite: two vulnerabilities
An attacker can use several vulnerabilities of Drupal Chaos tool suite...
Drupal Webform: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Webform, in order to execute JavaScript code in the context of the web site...
Drupal Core: two vulnerabilities
An attacker can use several vulnerabilities of Drupal Core...
Joomla Web-Dorado ECommerce-WD: SQL injection
An attacker can use a SQL injection of Joomla Web-Dorado ECommerce-WD, in order to read or alter data...
Websense TRITON AP-EMAIL: thirteen vulnerabilities
An attacker can use several vulnerabilities of Websense TRITON AP-EMAIL...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 495 496 497 498 499 500 501 502 503 505 507 508 509 510 511 512 513 514 515 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1104