The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Joomla Zen Library: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Zen Library, in order to execute JavaScript code in the context of the web site...
Joomla Art Pretty Photo: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Art Pretty Photo, in order to execute JavaScript code in the context of the web site...
Joomla BK MultiThumb: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla BK MultiThumb, in order to execute JavaScript code in the context of the web site...
Joomla Escope PrettyPhoto: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Escope PrettyPhoto, in order to execute JavaScript code in the context of the web site...
git: code execution via case-insensitive filesystems
An attacker who controls a git server can inject commands on the client side, if the client uses a filesystem where two filenames cannot coexist in a directory when they differ only in their case...
XWayland: lack of authentication in some local access
An attacker who can access the local X socket when the server is in Wayland mode can retrieve X events, for instance in order to record keystrokes...
Cisco NX-OS: denial of service via LLDP
An attacker can send a specially crafted, ill-formed LLDP packet to Cisco NX-OS, in order to trigger a denial of service...
Cisco Web Security Appliance: Cross Site Scripting of HTTP
An attacker can trigger a Cross Site Scripting in the HTTP response headers from Cisco Web Security Appliance, in order to execute JavaScript code in the context of the web site...
binutils: buffer overflow
An attacker can generate several buffer overflows, both stack-based and heap-based, in the tools from the binutils package, in order to trigger a denial of service, and possibly to execute code...
FreeRADIUS: incomplete validation of X.509 certificate for TLS
An attacker can use X.509 certificates from a revoked CA in order to be accepted by FreeRADIUS...
WordPress Google Analyticator: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of WordPress Google Analyticator, in order to force the victim to perform operations...
qpid-cpp: anonymous access not blocked
An attacker can anonymously access the Qpid server of qpid-cpp, even if anonymous access is disallowed...
qpid-cpp: denial of service via AMQP
An attacker can force an assertion error in AMQP of qpid-cpp, in order to trigger a denial of service...
pyjwt: signature spoofing
An attacker can tweak the header and signature fields of a JWT token handled by pyjwt, in order to make it check and accept an HMAC signature based on public data...
Magento: three vulnerabilities
An attacker can use several vulnerabilities of Magento...
ungit: code execution via child_process.exec
An attacker can use a vulnerability in child_process.exec of ungit, in order to execute code...
Joomla BeestoHelpDesk: information disclosure
An attacker can bypass access restrictions to data of Joomla BeestoHelpDesk, in order to obtain sensitive information...
Wind River VxWorks: guessable TCP sequence numbers
An attacker can guess the TCP sequence number of the Wind River VxWorks IP stack, in order to kill connections or hijack them...
WordPress Theme Salem: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Salem theme, in order to execute JavaScript code in the context of the web site...
WordPress Ultimate Member: Cross Site Scripting of the parameter "url"
An attacker can trigger a Cross Site Scripting in "admin-ajax.php" of WordPress Ultimate Member, in order to execute JavaScript code in the context of the web site...
WordPress Erident Custom Login and Dashboard: Cross Site Scripting of er-custom-login.php
An attacker can trigger a Cross Site Scripting in "er-custom-login.php" of WordPress Erident Custom Login and Dashboard, in order to execute JavaScript code in the context of the web site...
WordPress Revslider: three vulnerabilities
An attacker can use several vulnerabilities of WordPress Revslider...
OpenStack Cinder: file reading
An attacker can read any file exported by an OpenStack Cinder server, regardless of the configured permissions...
Cisco IOS XR: denial of service via SSH
An attacker can cause an incomplete disconnection of the SSH server of Cisco IOS XR, in order to block all SSH access to the device...
rsyslog: log file reading
An attacker can read the log files created by rsyslog, in order to obtain sensitive information...
Django: Cross Site Scripting via redirects
An attacker can trigger a Cross Site Scripting via the redirect URL provided by the user of Django, in order to execute JavaScript code in the context of the web site...
python-urllib3: lack of X.509 certificate validation for SSL
The urllib3 module does not validate X.509 certificates according to the context of their use. So, an attacker can use the same methods against the network traffic as if SSL were not used...
Symantec Endpoint Protection: three vulnerabilities
An attacker can use several vulnerabilities of Symantec Endpoint Protection...

   
