http://vigilance.fr/?langue=2 This RSS feed tracks public vulnerabilities of Vigil@nce. These information are published with a time delay. Our subscribers can read our bulletins without this time delay. en-US Vigil@nce Orange Business Services Vigil@nce Copyright 1999-2012 Orange Business Services Vigil@nce 2012-05-18T06:22:00Z hourly 1 2000-01-01T00:00:00Z http://vigilance.fr/offer/Vulnerability-watch-database-alert-and-management Each administrator can customize the list of products for which he wants to receive vulnerability alerts. 0 Vigil@nce 2012-05-17T12:00:00Z http://vigilance.fr/vulnerability/XnView-multiple-vulnerabilities-11376 An attacker can invite the victim to open a malicious image with XnView, in order to stop it or to execute code. 3 VIGILANCE-VUL-11376 Vigil@nce 2012-05-17T09:25:31Z http://vigilance.fr/vulnerability/PHP-two-vulnerabilities-11572 An attacker can use two vulnerabilities of PHP, in order to read or create files. 2 VIGILANCE-VUL-11572 Vigil@nce 2012-05-17T08:30:55Z http://vigilance.fr/vulnerability/libvorbis-memory-corruption-11375 An attacker can invite the victim to open a malicious Ogg Vorbis document with an application linked to libvorbis, in order to corrupt the memory, which stops the application, or leads to code execution. 3 VIGILANCE-VUL-11375 Vigil@nce 2012-05-17T08:00:39Z http://vigilance.fr/vulnerability/Samba-changing-the-owner-of-files-via-RPC-LSA-11571 An authenticated user can take ownership of files of other users, which are provided via Samba. 2 VIGILANCE-VUL-11571 Vigil@nce 2012-05-17T07:19:16Z http://vigilance.fr/vulnerability/Citrix-XenServer-Web-Self-Service-multiple-vulnerabilities-11373 An attacker can use several vulnerabilities of the Web Self Service component of Citrix XenServer. 3 VIGILANCE-VUL-11373 Vigil@nce 2012-05-16T09:35:05Z http://vigilance.fr/vulnerability/libpng-buffer-overflow-via-png-decompress-chunk-11371 An attacker can invite the victim to open a malicious PNG image with an application linked to libpng, in order to create an overflow, which stops the application, or leads to code execution. 3 VIGILANCE-VUL-11371 Vigil@nce 2012-05-16T08:46:05Z http://vigilance.fr/vulnerability/Adobe-Shockwave-Player-several-vulnerabilities-11369 Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service. 3 VIGILANCE-VUL-11369 Vigil@nce 2012-05-15T07:15:02Z http://vigilance.fr/vulnerability/Microsoft-NET-Silverlight-code-execution-11367 An attacker can invite the victim to display a malicious site or to install a malicious ASP.NET application, in order to execute code on his computer. 3 VIGILANCE-VUL-11367 Vigil@nce 2012-05-15T05:27:47Z http://vigilance.fr/vulnerability/Microsoft-Visio-Viewer-2010-code-execution-11366 An attacker can invite the victim to open a malicious document with Microsoft Visio Viewer 2010, in order to execute code on his computer. 3 VIGILANCE-VUL-11366 Vigil@nce 2012-05-15T05:20:56Z http://vigilance.fr/vulnerability/Cisco-Unified-MeetingPlace-detecting-if-a-directory-exists-11615 An attacker can use a vulnerability of Cisco Unified MeetingPlace, in order to detect if a directory exists. 1 VIGILANCE-VUL-11615 Vigil@nce 2012-05-13T13:05:17Z http://vigilance.fr/vulnerability/Net-SNMP-denial-of-service-via-extend-11570 When Net-SNMP is configured with extends, an attacker can use an invalid OID, in order to stop the service. 2 VIGILANCE-VUL-11570 Vigil@nce 2012-05-11T11:45:20Z http://vigilance.fr/vulnerability/Oracle-Database-data-capture-via-TNS-Listener-Registration-11569 An attacker can register a malicious database instance from the TNS Listener, in order to capture exchanges between clients and the legitimate database. 2 VIGILANCE-VUL-11569 Vigil@nce 2012-05-11T09:04:52Z http://vigilance.fr/vulnerability/Python-incorrect-decoding-of-UTF-16-11568 When a Python application decodes UTF-16 data containing errors, a desynchronization occurs, which leads to a memory read or corruption. 2 VIGILANCE-VUL-11568 Vigil@nce 2012-05-10T13:20:41Z http://vigilance.fr/vulnerability/Cisco-Unified-IP-Phones-changing-the-configuration-11590 When a Cisco Unified IP Phone downloads its configuration, a local attacker can force it to download a malicious configuration. 1 VIGILANCE-VUL-11590 Vigil@nce 2012-05-10T12:21:37Z http://vigilance.fr/vulnerability/Asterisk-three-vulnerabilities-11565 An attacker can use three vulnerabilities of Asterisk, in order to create a denial of service or to execute code. 2 VIGILANCE-VUL-11565 Vigil@nce 2012-05-09T12:08:22Z http://vigilance.fr/vulnerability/Clearswift-Email-Web-Gateway-denial-of-service-via-iWork-11347 An attacker can use an iWork document containing an empty Zip64 header, in order to create an infinite loop in Clearswift products. 3 VIGILANCE-VUL-11347 Vigil@nce 2012-05-08T12:56:05Z http://vigilance.fr/vulnerability/XnView-buffer-overflow-via-JPEG2000-11346 An attacker can invite the victim to open a malicious JPEG2000 image with XnView, in order to stop it or to execute code. 3 VIGILANCE-VUL-11346 Vigil@nce 2012-05-08T08:44:55Z http://vigilance.fr/vulnerability/SPIP-six-vulnerabilities-11563 An attacker can use six vulnerabilities of SPIP, in order to elevate his privileges, to obtain information, or to create a Cross Site Scripting. 2 VIGILANCE-VUL-11563 Vigil@nce 2012-05-08T08:44:14Z http://vigilance.fr/vulnerability/JasPer-buffer-overflow-via-Quantization-11345 An attacker can create a JPEG 2000 image, and invite the victim to open it with an application linked to JasPer, in order to create a buffer overflow, which leads to a denial of service or to code execution. 3 VIGILANCE-VUL-11345 Vigil@nce 2012-05-08T08:25:19Z http://vigilance.fr/vulnerability/Cisco-ASA-denial-of-service-via-ESMTP-11575 An attacker can use a special sequence of ESMTP commands, during the session closure, which overloads Cisco ASA. 1 VIGILANCE-VUL-11575 Vigil@nce 2012-05-06T09:31:16Z