The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
PEAR-Archive_Tar: directory traversal
An attacker can create a malicious TAR archive in order to force PEAR::Archive_Tar to create files outside the root directory...
Solaris: denial of service and privilege elevation via hsfs
A local attacker can insert a malicious cdrom in order to panic the system or to run code...
MySQL: data not logged using a nul
Using a NUL character, an attacker can run requests which are not logged...
MPlayer: integer overflow via an ASF file
While playing an ASF file, an integer overflow can occur in MPlayer and lead to code execution...
mod_python: code execution with FileSession
An attacker can use a malicious cookie in order to run code in FileSession class...
Shockwave Player: buffer overflow of installer
An attacker can run code on the user's computer when the user installs the Shockwave Player ActiveX...
Thunderbird: JavaScript code execution when answering an email
When the user answers a malicious HTML email, JavaScript code can be run on the user's computer...
zoo: buffer overflow via long pathnames
An attacker can create a ZOO archive containing long directory and file names in order to execute code on the user's computer...
PEAR-LiveUser: file deletion
An attacker can use a malicious cookie in order to remove a file on the server...
PEAR-Auth: data injection
An attacker can inject SQL data in PEAR::Auth package...
SquirrelMail: several vulnerabilities
Three vulnerabilities of SquirrelMail permit an attacker to conduct a Cross Site Scripting attack or to inject IMAP commands...
SuSE: buffer overflow of pam_micasa
The pam_micasa module contains an overflow permitting a network attacker to run code on the computer...
GNU tar: buffer overflow via a pax header
An attacker can create a malicious tar archive in order to run code on the user's computer...
Metamail: buffer overflow using long boundaries
An attacker can create an email containing long boundaries in order to run code in Metamail...
tin: buffer overflow of mail.c
An attacker who controls a malicious NNTP server can run code on the computers of tin users...
SUSE: code execution via gpg and YaST Online Update
An attacker with a YaST Online Update mirror can run code on users' computers by using gpg...
PHP: several Cross Site Scripting of ADOdb
The ADODB_Pager class does not correctly check its data, which leads to Cross Site Scripting attacks...
Snort: bypassing frag3 using IP options
An attacker can use IP fragmented packets in order to bypass frag3 preprocessor...
Snort: false negative using IP fragmentation
An attacker can use the difference in IP packet reassembly timeouts in order to bypass the IDS...
Xpdf, kpdf: integer overflow in gmem.c and SplashXPathScanner.cc
An attacker can create a malicious PDF file leading to memory corruption, and eventually to code execution...
bluez-hcidump: denial of service of L2CAP
An attacker can use a malicious L2CAP packet in order to stop bluez-hcidump...
Heimdal: denial of service of telnetd
A network attacker can stop the telnetd daemon by forcing the use of a NULL pointer...
Java Web Start: privilege elevation
A Java applet can bypass security restrictions set up by the Java Web Start environment...
PAM-MySQL: double memory free of pam_get_item
A double memory free of a pointer returned by pam_get_item() permits an attacker to stop PAM-MySQL, and optionally to run code...
Solaris: privileged command execution with in.rexecd
A local attacker can run commands with high privileges using in.rexecd...
PostgreSQL: denial of service with SET SESSION AUTHORIZATION
A local attacker can conduct a denial of service using SET SESSION AUTHORIZATION...
PostgreSQL: privilege elevation with SET ROLE
A local attacker can use SET ROLE to elevate his privileges on the database...

   
