The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco IOS: several vulnerabilities of VTP
Several vulnerabilities have been identified in the implementation of VTP protocol which permits an attacker to generate a denial of service, deactivate VTP updates or run code on the system...
Symantec AV: format string attack
An attacker can use the customizing of alert notification message to run code on the machine or generate a denial of service...
Adobe Flash Player: several vulnerabilities
A remote attacker can invite a user to view a flash animation in order to run code on the system...
Xfree86: integer overflows in the management of CID font files
A local attacker can run code on the system by using integer overflows in functions managing CID font files...
Windows: cross-site scripting via indexing service
An attacker can incite a user to visit a web page in order to run script in the indexing service context...
Windows: code execution via PGM
An attacker can send a malicious PGM (Pragmatic General Multicast) message in order to run code on the system...
Unix: incorrect permissions on sources
Sources of some softwares can be edited when root uncompresses the archive. This vulnerability notably affects linux-2.6.1x.y.tar.bz2 or linux-2.6.1x.y.tar.gz archive...
Solaris: buffer overflow of libX11 via _XKB_CHARSET
A local attacker can use a privileged software linked to libX11 and set the _XKB_CHARSET environment variable in order to run code with privileges of the software...
Avast: buffer overflow via a LHA archive
An attacker can create a LHA archive in order to generate a buffer overflow and thus run code on the system...
RSA SecurID SID800: access to the code generated by the token via USB
By conception, a local attacker can access to the code generated by the RSA SecurID SID800 token which is plugged on the USB port...
Panda Platinum: privilege elevation and anti-spam filter altering
A local attacker can obtain LocalSystem privileges, and a remote user can alter the anti-spam filter of Panda Platinum...
OpenLDAP: bypassing selfwrite ACLs
An attacker can bypass ACLs of selfwrite type, if he is associated to these ACLs...
Linux kernel: denial of service via ELF under ia64/Sparc
A local attacker can run a malicious ELF program in order to stop a system on a ia64 or Sparc processor...
Cisco IOS: ACL bypassing via GRE
An attacker can use several GRE packets in order to force malicious packets routing...
BIND: denials of service of RRSet SIG and of recursivity
An attacker can generate a denial of service of BIND by requesting RRSet SIG or by sending recursive queries...
dsocks: buffer overflow of name resolving
A buffer overflow in the name resolving function of dsocks permits an attacker to generate a denial of service or to execute code on the computer...
OpenSSL / GnuTLS / NSS: bypassing a PKCS#1 signature check
An attacker can create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS...
Word: code execution
An attacker can create a malicious Word document leading to code execution when it is opened...
Mailman: several vulnerabilities
Several vulnerabilities permit an attacker to conduct cross-site scripting, phishing and denial of service attacks...
gdb: memory corruption via a DWARF file
An attacker can create a malicious DWARF file and invite user to open it with gdb in order to execute code on his computer...
Webmin, Usermin: source code disclosure and Cross Site Scripting
An attacker can obtain Webmin/Usermin source code or create a Cross Site Scripting attack...
MySQL: buffer overflow of DEFINER
A local attacker can create a view or a trigger indicating a DEFINER in order to generate an overflow...
AIX: privilege elevation via dtterm
A local attacker can use a vulnerability of dtterm in order to obtain root privileges...
LessTif: file creation with libXm and DEBUG_FILE
A local attacker can use a suid/sgid program compiled with libXm of LessTif and set DEBUG_FILE to create a privileged and editable file...
GNU libbfd, strings: memory corruption via TekHex
An attacker can create a malicious TekHex file in order to corrupt memory of programs linked to libbfd...
GNU as: buffer overflow via inline assembly
An attacker can create a malicious C file and invite user to assemble it in order to execute code on his computer...
MySQL: denial of service of replication via an update
A local attacker can use a special UPDATE request in order to stop replication...

   

Direct access to page 1 21 41 61 81 101 121 141 152 153 154 155 156 157 158 159 160 162 164 165 166 167 168 169 170 171 172 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1047