The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
GnuPG: injection of unsigned data
An attacker can for example insert data before the signed data, but GnuPG does not detect the change...
ZoneAlarm: privilege elevation with TrueVector
A local attacker can elevate his privileges by forcing TrueVector to load a malicious DLL...
Zoph: SQL code injection
An attacker can use Zoph's search form to inject SQL queries...
Dropbear: denial of service using connections
An attacker can conduct a denial of service by opening thirty connections to Dropbear...
Red Hat Enterprise Linux: privilege elevation using /sbin/service
A local attacker allowed to run /sbin/service can obtain root privileges...
QmailAdmin: buffer overflow of PATH_INFO
A network attacker can use a long URI in order to generate an overflow in QmailAdmin...
Tomcat: vulnerabilities of snoop.jsp
An attacker can call the snoop.jsp example in order to obtain information or conduct a Cross Site Scripting attack...
AVG: incorrect file permissions on updated file
After an antivirus update, files can be accessed by all users...
Linux kernel: denial of service via die_if_kernel
A local attacker can generate a call to the die_if_kernel() function in order to stop the system...
LISTSERV: several vulnerabilities
Several vulnerabilities are present in LISTSERV, of which the worst one leads to code execution on the computer...
Gallery: several vulnerabilities
Three vulnerabilities of Gallery permit an attacker to hide his address, to conduct a Cross Site Scripting attack or to delete files...
Solaris: denial of service via pagedata of /proc
A local attacker can access /proc/pid/pagedata in order to use all available memory...
Linux kernel: denial of service of ELF on x86_64
On an x86_64 processor, a local attacker can generate an infinite loop in the kernel...
Linux kernel: information disclosure on XFS via ftruncate
A local attacker can obtain sensitive information located on XFS...
Linux kernel: denial of service of NFS client
A local attacker can stop the system if it is an NFS client...
PHP: open_basedir bypass with mail or mb_send_mail
An attacker can create a PHP program using mail() or mb_send_mail() to bypass open_basedir restriction...
PHP: open_basedir bypass with imap_body or imap_list
An attacker can create a PHP program using imap_body() or imap_list() to bypass open_basedir restriction...
flex: several buffer overflows
Several overflows were announced in flex...
Evolution: denial of service using a big email
Using an email containing numerous links, an attacker can stop Evolution and prevent its normal restart...
FreeBSD: denial of service of nfsd
An attacker can send a malicious NFS packet in order to stop the system...
OpenSSH: denial of service with OpenPAM
When OpenSSH uses OpenPAM, an attacker can render the service unreachable...
WebSphere Application Server: JSP source code disclosure
An attacker can read the JSP source code...
Thunderbird: information disclosure via an IFRAME in an attachment
An attacker can send an email containing an IFRAME in an attachment, leading to loading of an external web document...
DNS: denial of service using recursive servers
An attacker can poison the cache of a recursive DNS server, then use it to overload a network...
SpeedTouch: Cross Site Scripting
The "name" parameter of LocalNetwork page can be used to conduct a Cross Site Scripting attack...
IE: buffer overflow of isComponentInstalled
An attacker can create an HTML document leading to code execution when it is opened with Internet Explorer...
libapreq2: denial of service
An attacker can use special HTTP queries in order to force apreq_parse_headers() and apreq_parse_urlencoded() functions to consume a lot of resources...
BMV: integer overflow with a PostScript file
An attacker can create a malicious PostScript file leading to code execution on BMV...
phplib: code execution
An attacker can run code on web sites using phplib...
PHP: code execution via an eval in phpRPC
An attacker can use programs using phpRPC to run code on the computer...

   
