The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Nfs-server: code execution as root user
A buffer overflow allows an NFS user to run code on the machine as root...
lshd: denial of service and session key cracking
A local attacker can easily cause a denial of service of lshd and potentially crack the session keys of other users...
FreeBSD, NetBSD: denial of service of pf
If pf is configured to use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules, an attacker can send a carefully crafted sequence of IP packet fragments to cause a denial of service of pf...
FreeBSD: copy of potentially sensitive data into userland
Two bugs have been discovered which permit a user to read data that was not addressed to him...
Flyspray: cross-site scripting attack into the index page
The index page is vulnerable to cross-site scripting attacks...
OpenSSH: code execution via scp
By copying a file with a crafted name, it is possible to run code on the machine with the scp user's rights...
PHP: SQL injection in ADOdb
Some insecure parameters are used in SQL requests, which permits an attacker to run SQL queries on the server...
Weblogic server: several vulnerabilities
Several vulnerabilities have been announced for Weblogic server 9.0, 8.1 SP5, 7.0 SP6 and 6.1 SP7...
Fetchmail: denial of service when bouncing messages
When bouncing a message to the originator or the local postmaster, fetchmail uses the free() function on an invalid pointer, which causes a denial of service of fetchmail...
Trac: cross-site scripting attack
Some user-supplied data are not properly sanitized, which permits an attacker to perform cross-site scripting attacks...
Trac: SQL injection in search module
An attacker can run SQL commands on the server by injecting a SQL request in the search module in Edgewall Trac...
Gallery: cross-site scripting via user name
An attacker can choose a username leading to a cross-site scripting attack...
Linux kernel: memory leak in icmp_push_reply
A remote attacker can progressively use all system memory by sending numerous malicious UDP packets...
Linux kernel: denial of service of search_binary_handler
A local attacker can stop the system by generating an error in the search_binary_handler() function of exec.c...
KDE: buffer overflow of kjs
An attacker can create a long UTF-8 URI in order to run code in software using kjs, such as Konqueror...
IOS: denial of service of SGBP
An attacker can send a malicious SGBP packet in order to stop the system...
F-Secure: code execution and virus detection bypass with ZIP and RAR
An attacker can create ZIP or RAR archives leading to code execution or allowing a virus to evade detection...
VPN-1: program execution by SecureClient
An attacker can store a program on the system in order to have SecureClient run it...
Windows: automatic connection on Wi-Fi networks
The system automatically connects to a Wi-Fi network having the same SSID as the last one used...
Oracle Application Server: vulnerability of January 2006
A vulnerability is corrected by the CPU of January 2006...
Oracle Database: several vulnerabilities of January 2006
Several vulnerabilities are corrected by the CPU of January 2006...
Linux kernel: denial of service by SKB overloading
An attacker can generate a denial of service by preventing a SKB from being freed...
Linux kernel: denial of service by time_out_leases function
An attacker can generate a denial of service by overloading log files via the time_out_leases() function...
Linux kernel: denial of service via mq_open system call
A flaw in the mq_open system call allows a local user to cause a denial of service...
Linux Kernel: denial of service using hfsplus
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus...
FreeBSD: IEEE 802.11 buffer overflow
An attacker can broadcast a corrupted IEEE 802.11 beacon to execute code on a machine scanning for wireless networks...
Linux Kernel: denial of service by deadlock
A race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec...

   
