The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco Secure ACS: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cisco Secure ACS, in order to execute JavaScript code in the context of the web site...
Cisco Web Security Appliance: Cross Site Scripting of Web Tracking Report
An attacker can trigger a Cross Site Scripting in Web Tracking Report of Cisco Web Security Appliance, in order to execute JavaScript code in the context of the web site...
Cisco Unified Contact Center Enterprise: directory traversal
An attacker can traverse directories of Cisco Unified Contact Center Enterprise, in order to read a file outside the service root path...
Cisco Email Security Appliance: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cisco Email Security Appliance, in order to execute JavaScript code in the context of the web site...
Cisco IOS: denial of service via ISDN Q931 SETUP
An attacker can send a malicious ISDN Q931 SETUP packet to Cisco IOS, in order to trigger a denial of service...
Axis: read-write access via Common Name
An attacker can bypass access restrictions of Common Name of Axis, in order to read or alter data...
SPICE: buffer overflow of Password
An attacker can generate a buffer overflow in Password of SPICE, in order to trigger a denial of service, and possibly to execute code...
phpMyAdmin: two vulnerabilities
An attacker can use several vulnerabilities of phpMyAdmin...
Mozilla NSS: update of the certification authority list
The security of Mozilla NSS was improved with an updated list of CA certificates...
Python: accepting Wildcard IDN
An attacker can create a Wildcard IDN certificate, which is accepted by Python, in order to perform a Man-in-the-Middle...
PHP: file access via the null character
When a PHP application does not filter null characters in its parameters, and then uses these parameters to access a file, the name of the file which is really accessed is truncated...
Apache Tomcat: privilege escalation via Web Application
An attacker can create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate his privileges...
PHP: denial of service via multipart/form-data
An attacker can send specially formed multipart/form-data data to PHP, in order to trigger a denial of service...
PHP: integer overflow of ftp_genlist
An attacker can generate an integer overflow in ftp_genlist() of PHP, in order to trigger a denial of service, and possibly to execute code...
PHP: memory corruption via phar_tar_process_metadata
An attacker can generate a memory corruption in the phar_tar_process_metadata() function of PHP, in order to trigger a denial of service, and possibly to execute code...
PHP: memory corruption via phar_parse_tarfile
An attacker can generate a memory corruption in phar_parse_tarfile() of PHP, in order to trigger a denial of service, and possibly to execute code...
WordPress Encrypted Contact Form: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Encrypted Contact Form, in order to force the victim to perform operations...
Linux kernel: four vulnerabilities of ozwpan
An attacker can use several vulnerabilities of ozwpan of the Linux kernel...
QEMU: file corruption via /tmp/qemu-smb
A local attacker can create a symbolic link named /tmp/qemu-smb.pid-N, in order to alter the pointed file, with privileges of QEMU...
Linux kernel: memory corruption via vhost_scsi_make_tpg
A local attacker can generate a memory corruption in the vhost_scsi_make_tpg() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code...
WordPress Indieweb Post Kinds: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Indieweb Post Kinds, in order to execute JavaScript code in the context of the web site...
WordPress Syndication Links: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Syndication Links, in order to execute JavaScript code in the context of the web site...
kexec-tools: file corruption via module-setup.sh
A local attacker can create a symbolic link during the execution of module-setup.sh, in order to alter the pointed file, with privileges of kexec-tools...
RHEL pcs: privilege escalation
An attacker can bypass restrictions of RHEL pcs, in order to escalate his privileges...
QEMU, Xen: privilege escalation via the emulated floppy disk drive, VENOM
A local attacker can trigger a buffer overflow attack in the emulated floppy disk controller of QEMU, in order to escalate his privileges...
Wireshark 1.10: three vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.10...
Wireshark 1.12: seven vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.12...
dpkg: privilege escalation
An attacker can bypass the integrity check of dpkg, in order to escalate his privileges...
TeX Live: file corruption via /tmp/mktexlsrtrees.tmp
A local attacker can create a symbolic link named /tmp/mktexlsrtrees.tmp, in order to alter the pointed file, with privileges of TeX Live...

   
