The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
CUPS: privilege escalation via the dynamic linker
An attacker can bypass access restrictions to administrative functions of CUPS, in order to escalate his privileges...
WordPress Users Ultra: SQL injection of wp_ajax_nopriv_rating_vote
An attacker can use a SQL injection in wp_ajax_nopriv_rating_vote of WordPress Users Ultra, in order to read or alter data...
zarafa: read-write access
An attacker can bypass access restrictions of zarafa, in order to overwrite files on the server host...
less: buffer overflow of UTF-8
An attacker can generate a buffer overflow in UTF-8 of less (read access only), in order to trigger a denial of service...
redis: code execution via Lua
An attacker can use a vulnerability of redis, in order to run Lua extension code in an uncontrolled way...
WordPress Really Simple Guest Post: directory traversal
An attacker can traverse directories of WordPress Really Simple Guest Post, in order to read a file outside the service root path...
WordPress zM Ajax Login & Register: code execution via arbitrary file inclusion
An attacker can traverse directories of WordPress zM Ajax Login & Register, in order to execute any file outside the service root path...
CA Workload Automation AE: three vulnerabilities
An attacker can use three vulnerabilities of CA Workload Automation AE, in order to raise its privileges...
McAfee ePolicy Orchestrator: five vulnerabilities
An attacker can use several vulnerabilities of McAfee ePolicy Orchestrator...
Apache Batik: external XML entity injection
An attacker can transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service...
Linux kernel: read-write access via MNT_DETACH
A local attacker can bypass access restrictions via MNT_DETACH on the Linux kernel, in order to read or alter files, bypassing a User Namespace...
Python: directory traversal of CGIHTTPServer
An attacker can traverse directories in CGIHTTPServer of Python, in order to read a file or make the server run outside the service root path...
Python: information disclosure via json
A local attacker can read a memory fragment via the json module of Python, in order to obtain sensitive information...
Python: denial of service via excessive memory consumption of xmlrpclib
An attacker can make the xmlrpclib library of Python consume an excessive amount of memory by sending a compressed response, in order to trigger a denial of service...
Python: denial of service via excessive memory consumption
An attacker can take advantage of the fact that several network protocol libraries do not restrict the size of the server response, to make the Python client use an excessive amount of memory, in order to trigger a denial of service...
thermostat1: credential disclosure via the Web application
The Web application stores the credentials of its users in a world readable file...
OpenSSL: use after free via NewSessionTicket
An attacker who owns a malicious TLS server can send the NewSessionTicket message to force the use of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code...
Drupal Ubercart: SQL injection of Novalnet Payment Module
An attacker can use a SQL injection in Novalnet Payment Module of Drupal Ubercart, in order to read or alter data...
Drupal Commerce: SQL injection of Novalnet Payment Module
An attacker can use a SQL injection in Novalnet Payment Module of Drupal Commerce, in order to read or alter data...
Cisco Unified MeetingPlace: information disclosure
An attacker can download an arbitrarily chosen file via Cisco Unified MeetingPlace, in order to obtain sensitive information...
Apache Tomcat JK Connector: information disclosure via JkUnmount
An attacker can bypass access restrictions defined by JkUnMount of mod-jk, in order to obtain sensitive information or to access private spaces...
t1utils: memory corruption via Font
An attacker can generate a memory corruption with a malicious font for t1utils, in order to trigger a denial of service, and possibly to execute code...
Linux kernel: information disclosure via UDF
A local attacker can mount a malicious UDF filesystem on Linux, in order to obtain sensitive information from the kernel memory...
Xen: read-write access via PCI Register
An attacker can bypass access restrictions of PCI Register in Pass Through mode of Xen, in order to trigger a denial of service, and possibly to execute code...
WordPress N-Media Website Contact Form with File Upload: directory traversal
An attacker can traverse directories of WordPress N-Media Website Contact Form with File Upload, in order to read a file outside the service root path...
Xen: denial of service via disk exhaustion by logging
An attacker who has administrator privileges in a guest system can trigger logging of an excessive amount of bus access via Xen, in order to trigger a denial of service...
Xen: denial of service via PCI interrupts
An attacker can change the PCI interrupt mask in Xen, in order to trigger a denial of service...
Xen: denial of service via writes to the PCI bus
An attacker who has administrator privileges in a guest system can trigger changes in some PCI configuration registers of Xen, in order to trigger a denial of service against the host server...
Joomla com_football: SQL injection
An attacker can use a SQL injection of Joomla com_football, in order to read or alter data...

   
