The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
GnuPG: false positive of signature verification
When a detached signature is checked, the return value from "gpg --verify" incorrectly indicates a success...
OTRS: several vulnerabilities
Several vulnerabilities of OTRS permit an attacker to inject SQL code or to conduct Cross Site Scripting attacks...
PHP: several vulnerabilities
Three vulnerabilities of PHP permit an attacker to inject HTTP headers, to conduct a Cross Site Scripting attack or to bypass cURL checks...
PowerPoint: obtaining temporary information
An attacker can create a malicious PowerPoint file reading files located in the temporary directory...
Windows, Office: privilege escalation via the Korean Input Method Editor
A local attacker can use the Korean Input Method Editor in order to run commands with system privileges...
Windows: buffer overflow of Web Client service
A local attacker can increase his privileges by generating an overflow in the Web Client service...
Windows: denial of service of IGMP
A network attacker can send a malicious IGMP packet forcing the system to become unresponsive...
Windows, Netscape, Firefox: buffer overflow of Windows Media Player plug-in
An attacker can create a malicious HTML page leading to code execution in the Windows Media Player plug-in...
Windows Media Player: heap overflow via a BMP image
An attacker can create a malicious BMP image leading to code execution when it is displayed by Windows Media Player...
AIX: kernel denial of service
A local attacker can cause a denial of service by crashing the kernel...
AIX: data overwriting by lscfg
An attacker can cause a denial of service of the machine if the root user uses the lscfg command and writes to the source file of a symbolic link created by the attacker...
Internet Explorer: code execution via the drag and drop function
An attacker can exploit the drag and drop function of Internet Explorer in order to run code on the user machine via a malicious website...
Suse Linux: code execution via ld
An error in ld permits an attacker to run code contained in a library if the library is stored in the current directory from which a vulnerable application is run...
Noweb: use of insecure files
A noweb script uses predictable temporary file names, which permits an attacker to corrupt these data...
Lotus Notes: several vulnerabilities
Several vulnerabilities in Lotus Notes permit an attacker to run code on the machine or to delete user data...
Linux kernel: memory leak of dm-crypt
The dm-crypt driver does not correctly empty its memory, which permits an attacker to access sensitive information related to cryptographic keys...
Domino: several vulnerabilities by cross-site scripting
Four cross-site scripting vulnerabilities have been discovered in the Web Access client of Lotus Domino...
GnuTLS: denial of service of libtasn1
By sending particular malicious data, it is possible to crash the DER decoder of libtasn1, which causes a denial of service of GnuTLS...
elog: several vulnerabilities
Several vulnerabilities of elog permit an attacker to run code on the machine, to gain access to sensitive information or to cause a denial of service...
Sun Java System Directory Server: denial of service of LDAP
An attacker can cause a denial of service of Sun Java System Directory Server by sending a malicious packet to the LDAP port...
Adzapper: denial of service by CPU overloading
An attacker can cause a denial of service of a machine using adzapper as a plugin for squid by consuming all CPU resources...
Windows: editing configuration of services with DACLs too permissive
A local user can gain privileges by modifying services, because their DACLs are not sufficiently restricted...
JRE, JDK, SDK: several vulnerabilities
Several vulnerabilities of the Java environment permit an applet to elevate its privileges...
Internet Explorer: code execution via a WMF image
An error in the WMF image size management permits an attacker to cause a denial of service of Internet Explorer or to run code on the machine...
Linux kernel: denial of service via ICMP
A remote attacker can cause a denial of service of the machine by sending particular ICMP packets...
Oracle AS: SQL code execution via mod_plsql
An attacker can use a special URI to access critical packages and procedures...
Solaris: denial of service on x64
On an x64 processor, a local attacker can stop the system...
Gallery: code execution by inviting administrator to click on a link
An authenticated attacker can upload a special file on Gallery, then invite administrator to click on a link pointing to this file, in order to run code on the server...

   
