Vigil@nce - public vulnerabilities

Vigil@nce - public vulnerabilities http://vigilance.fr/?langue=2 This RSS feed tracks public vulnerabilities of Vigil@nce. en-US Vigil@nce Orange Business Services Vigil@nce Copyright 1999-2010 Orange Business Services Vigil@nce 2010-03-10T19:42:57Z hourly 1 2000-01-01T00:00:00Z Cisco Unified Communications Manager: denials of service http://vigilance.fr/vulnerability/Cisco-Unified-Communications-Manager-denials-of-service-9491 An attacker can use SCCP, SIP or CIT messages, in order to generate denials of service on Cisco Unified Communications Manager. 2 VIGILANCE-VUL-9491 Vigil@nce 2010-03-10T16:04:33Z Apache httpd: information disclosure via SubRequest http://vigilance.fr/vulnerability/Apache-httpd-information-disclosure-via-SubRequest-9490 When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can be returned to another user. 2 VIGILANCE-VUL-9490 Vigil@nce 2010-03-10T15:19:04Z Linux kernel: denial of service via NFS http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-NFS-9489 An attacker can truncate a NFS file, in order to stop the kernel, and possibly to execute code. 2 VIGILANCE-VUL-9489 Vigil@nce 2010-03-10T13:05:13Z libpng: denial of service during the decompression http://vigilance.fr/vulnerability/libpng-denial-of-service-during-the-decompression-9488 An attacker can create an extremely compressed image, and invite the victim to open it with libpng, in order to generate a denial of service on his computer. 2 VIGILANCE-VUL-9488 Vigil@nce 2010-03-10T08:59:53Z Apache httpd: denials of service of of modules http://vigilance.fr/vulnerability/Apache-httpd-denials-of-service-of-of-modules-9487 An attacker can generate a denial of service in mod_proxy_ajp and mod_isapi modules of Apache httpd. 2 VIGILANCE-VUL-9487 Vigil@nce 2010-03-10T08:16:15Z Lotus Domino: Cross Site Scripting of help http://vigilance.fr/vulnerability/Lotus-Domino-Cross-Site-Scripting-of-help-9486 An attacker can invite the victim to display a malicious url, in order to execute JavaScript code in the context of the Lotus Domino server. 2 VIGILANCE-VUL-9486 Vigil@nce 2010-03-09T14:54:25Z Opera: two vulnerabilities http://vigilance.fr/vulnerability/Opera-two-vulnerabilities-9484 Two vulnerabilities were announced in Opera. The first one can be used to inject data in a TLS session. 2 VIGILANCE-VUL-9484 Vigil@nce 2010-03-09T12:44:48Z TYPO3: SQL injection in Calendar Base http://vigilance.fr/vulnerability/TYPO3-SQL-injection-in-Calendar-Base-9483 An attacker can inject SQL queries in the Calendar Base extension of TYPO3. 2 VIGILANCE-VUL-9483 Vigil@nce 2010-03-09T12:08:21Z ncpfs: two vulnerabilities http://vigilance.fr/vulnerability/ncpfs-two-vulnerabilities-9502 A local attacker can use two vulnerabilities of ncpfs, in order to obtain information or to create a denial of service. 1 VIGILANCE-VUL-9502 Vigil@nce 2010-03-09T09:08:24Z Lotus iNotes: 2 vulnerabilities http://vigilance.fr/vulnerability/Lotus-iNotes-2-vulnerabilities-9482 Two vulnerabilities were announced in Lotus iNotes (DWA, Domino Web Access). 2 VIGILANCE-VUL-9482 Vigil@nce 2010-03-08T16:45:12Z PHP: several vulnerabilities http://vigilance.fr/vulnerability/PHP-several-vulnerabilities-9478 An attacker can use several vulnerabilities of PHP in order to bypass file access restrictions. 2 VIGILANCE-VUL-9478 Vigil@nce 2010-03-08T10:26:27Z PowerDNS Recursor: two vulnerabilities http://vigilance.fr/vulnerability/PowerDNS-Recursor-two-vulnerabilities-9326 An attacker can generate a buffer overflow or change records of PowerDNS Recursor. 3 VIGILANCE-VUL-9326 Vigil@nce 2010-03-07T10:51:36Z Linux kernel: denial of service via hvc_console http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-hvc-console-9498 A local attacker can use virtio_console, in order to generate a denial of service in hvc_console. 1 VIGILANCE-VUL-9498 Vigil@nce 2010-03-06T09:45:40Z Asterisk: bypassing ACLs http://vigilance.fr/vulnerability/Asterisk-bypassing-ACLs-9476 An attacker, who is normally blocked by ACLs, can send SIP INVITE messages to Asterisk. 2 VIGILANCE-VUL-9476 Vigil@nce 2010-03-05T10:01:46Z GNU M4: file modification via dist and distcheck http://vigilance.fr/vulnerability/GNU-M4-file-modification-via-dist-and-distcheck-9475 When the dist and distcheck targets of GNU M4 are used, a local attacker can alter a file. 2 VIGILANCE-VUL-9475 Vigil@nce 2010-03-04T14:46:07Z Adobe Flash, Reader: software installation http://vigilance.fr/vulnerability/Adobe-Flash-Reader-software-installation-9474 The Adobe Download Manager product can be used to install an unwanted software. 2 VIGILANCE-VUL-9474 Vigil@nce 2010-03-03T14:00:58Z Linux kernel: executable page on Sparc http://vigilance.fr/vulnerability/Linux-kernel-executable-page-on-Sparc-9472 On a Sparc processor, memory pages tagged as non executable are actually executable. 2 VIGILANCE-VUL-9472 Vigil@nce 2010-03-03T10:01:00Z Avast: privilege elevation via aavmker4.sys http://vigilance.fr/vulnerability/Avast-privilege-elevation-via-aavmker4-sys-9470 A local attacker can corrupt the memory of the aavmker4.sys driver, in order to generate a denial of service or to execute code. 2 VIGILANCE-VUL-9470 Vigil@nce 2010-03-02T17:39:04Z sudo: group elevation http://vigilance.fr/vulnerability/sudo-group-elevation-9469 When the /etc/sudoers file contains "runas_default", a local attacker can execute a command with privileges of root's groups. 2 VIGILANCE-VUL-9469 Vigil@nce 2010-03-02T17:14:49Z Linux kernel: denial of service via DVB http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-DVB-9481 An attacker can send a malformed DVB/MPEG2-TS frame, in order to block the system. 1 VIGILANCE-VUL-9481 Vigil@nce 2010-03-02T15:57:20Z