The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Domino: denial of service of LDAP
A network attacker can send an invalid LDAP request in order to stop Lotus Domino Server 7.0...
Heimdal: file corruption with rshd
An attacker can connect to rshd in order to overwrite a file, to obtain ownership of this file...
unzip: code execution via file name
A buffer overflow vulnerability permits an attacker to run code on the machine using very long .zip file names...
OpenOffice: loading of hyperlinks despite their deactivation
The loading of hyperlinks is still active in spite of OpenOffice being configured to deactivate them...
Firefox, Thunderbird: data exchange using AnyName object of E4X
The existence of the AnyName object of E4X permits two scripts to exchange data...
Firefox: denial of service by reading overflow of the buffer
When an XML file is parsed, Firefox reads data stored beyond the end of the buffer, which causes a denial of service of the application...
Firefox, Thunderbird: integer overflow in E4X, SVG and Canvas
Several integer overflows which permit an attacker to run code have been detected in E4X, SVG and Canvas...
Mozilla, Firefox, Thunderbird: JavaScript code injection at the application startup
An attacker can inject JavaScript code which will be executed during application startup...
Firefox, Thunderbird: memory corruption via Location and Navigator objects
An attacker can corrupt the system memory by calling the "QueryInterface" method of Location and Navigator objects...
Firefox, Thunderbird: code execution via Gecko
An attacker can run code on the machine by making Gecko write code in freed memory...
Mozilla, Firefox, Thunderbird: memory corruption via JavaScript objects
Two errors in the temporary variables management used in JavaScript permit an attacker to corrupt the system memory...
Tru64 Unix, HP-UX: cache corruption via DNS BIND
An attacker can corrupt the cache of DNS BIND 4 and 8...
FreeBSD: denial of service of SACK by sending TCP packets
An attacker can cause a denial of service by sending malicious packets after the opening of a TCP connection...
MyDNS: denial of service by DNS queries
An attacker can cause the crash of the MyDNS service by sending malformed DNS queries...
Internet Explorer: denial of service via a flash animation
It is possible to crash Internet Explorer by using JScript code contained in a Flash animation...
xpdf, kpdf: code execution via the "splash" rasterizer
A buffer overflow in the "splash" rasterizer permits an attacker to run code on the machine by using a malicious file...
libpng: code execution via a png file
The libpng library contains a buffer overflow which permits an attacker to run code on the machine via applications using libpng...
Perl: file corruption via Mail-Audit
The Mail::Audit module uses a temporary file with a predictable name, which permits a local attacker to corrupt the file...
unalz: code execution via filename
An attacker can use an ALZ archive with a specific filename to run code with unalz...
Eterm: LibAST buffer overflow
A buffer overflow in libAST permits an attacker to run code on a machine using eterm...
Cisco VPN 3000: denial of service by crafted HTTP packets attack
An attacker can force the VPN concentrator to reset and disconnect users by sending malicious HTTP packets...
Imagemagick: shell command injection in an image filename
An attacker can run shell commands with the user's rights by injecting these commands in an image's filename...
drupal: several vulnerabilities
Several vulnerabilities have been discovered in drupal, which permit a remote attacker to bypass access controls, perform cross-site scripting attacks or run HTML code...
Cisco IOS: command execution with tclsh
A local attacker can use tclsh to bypass AAA restrictions or to execute privileged commands...
Perl: usage of an insecure entropy source in Net-SSLeay
A local attacker can provide an entropy source to programs using Net::SSLeay when the EGD_PATH environment variable is undefined...

   
