The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Xen: buffer overflow of xl
An attacker can make xl of Xen use an invalid pointer, in order to trigger a denial of service, and possibly to execute code in the host server...
Squid cache: access control bypass with CONNECT commands
An attacker can send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering...
Node.js: buffer overflow of the JavaScript interpreter
An attacker can generate a read-only buffer overflow in the UTF-8 decoder of the JavaScript interpreter of Node.js, in order to trigger a denial of service, and maybe run machine code...
WordPress e-Commerce Shop Styling: directory traversal of "/includes/download.php"
An attacker can traverse directories in "/includes/download.php" of WordPress e-Commerce Shop Styling, in order to read a file outside the service root path...
roundcubemail: three vulnerabilities
An attacker can use several vulnerabilities of roundcubemail...
WordPress Albo Pretorio Online: four vulnerabilities
An attacker can use several vulnerabilities of WordPress Albo Pretorio Online...
WordPress StageShow: open redirect
An attacker can deceive the user of WordPress StageShow, in order to redirect him to a malicious site...
WordPress MDC YouTube Downloader: Local File Inclusion
An attacker can traverse directories of WordPress MDC YouTube Downloader, in order to read a file outside the service root path...
WordPress Ninja Forms: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Ninja Forms, in order to execute JavaScript code in the context of the web site...
WordPress Swim Team: Local File Inclusion
An attacker can specify a local file inclusion via WordPress Swim Team, in order to read any server file...
WordPress Custom Content Type Manager: code execution
An attacker can use a vulnerability of WordPress Custom Content Type Manager, in order to execute code...
Joomla Core: open redirect
An attacker can deceive the user of Joomla, in order to redirect him to a malicious site...
Joomla: file upload via CSRF
An attacker can upload a malicious file via a CSRF attack against Joomla, for example in order to upload a Trojan...
Ansible: incomplete X.509 certificate validation
An attacker can spoof an HTTP over TLS server used by Ansible, since it does not check whether the X.509 certificate matches the server name requested at HTTP level...
Magento Connect: Cross Site Request Forgery of magento-connect/claim/claim/new/
An attacker can trigger a Cross Site Request Forgery in the page "magento-connect/claim/claim/new/" of Magento Connect, in order to force the victim to perform operations...
HAProxy: information disclosure via the HTTP pipelining
A local attacker can get the content of a memory fragment of an haproxy process by submitting several requests without waiting for the response, in order to obtain sensitive information...
trafficserver: insecure storage of temporary files
An attacker can modify the files stored in the cache of Apache Traffic Server, which allows changing what will be seen by clients without needing to capture and change the network traffic, which may be protected with TLS...
Cisco Adaptive Security Appliance: denial of service via OSPFv2
An attacker can send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service...
WordPress easy2map: SQL injection of Function.php
An attacker can use a SQL injection in Function.php of WordPress easy2map, in order to read or alter data...
Mozilla Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities
An attacker can use several vulnerabilities of Firefox, Thunderbird, SeaMonkey...
Cisco NX-OS: escape to the system shell
An attacker can use special characters in commands for Cisco NX-OS, in order to get a system shell...
Cisco Adaptive Security Appliance: denial of service via SNMP
An attacker can send malicious SNMP packets to Cisco Adaptive Security Appliance, in order to trigger a denial of service...
Cisco Unified Communications Domain Manager: well known password for privileged account
An attacker can use a well known password for Cisco Unified Communications Domain Manager, in order to get root privileges...
libidn, curl: information disclosure
An attacker can retrieve a memory fragment from a process using libcurl, in order to get sensitive information...
TYPO3 Core: six vulnerabilities
An attacker can use several vulnerabilities of TYPO3...
Drupal Views Bulk Operations: privilege escalation
An attacker can use the account list of Drupal Views Bulk Operations, in order to escalate his privileges...
Drupal Migrate: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Migrate, in order to execute JavaScript code in the context of the web site...
Joomla swMenuFree: wrong directory permission
An attacker can browse the directories created with unsuitable permissions by Joomla swMenuFree, in order to get sensitive information...

   
