The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Asterisk: denial of service of SIP
An attacker can stop Asterisk by sending a malicious REGISTER SIP query...
NetWorker Management Console: weak authentication
A vulnerability in the authentication protocol used between NetWorker Management Console and backup servers allows an attacker to obtain root access...
PHP: Cross Site Scripting of phpinfo
An attacker can use GET, POST or COOKIE variables in order to generate a Cross Site Scripting in the phpinfo() function...
Zend Platform: privilege elevation via ini_modifier
A local attacker can use ini_modifier in order to edit php.ini...
Zend Platform: incorrect installation permissions
A local attacker can execute code with elevated privileges by editing some files installed by Zend Platform...
Apache Tomcat, mod_jk: buffer overflow of map_uri_to_worker
An attacker can generate an overflow in mod_jk, in order to generate a denial of service or to execute code...
Kaspersky AV: infinite loop via UPX
An attacker can create a malicious UPX file creating an infinite loop during its analysis...
Firefox, SeaMonkey: privilege elevation via IMG
An attacker can create an HTML document with an IMG tag containing JavaScript code to be executed on the victim's computer...
tcpdump: off-by-one via 802.11
An attacker can generate an off-by-one overflow in tcpdump by sending a malicious 802.11 frame...
PHP: denial of service via an array
An attacker can use a deeply nested array in order to stop PHP...
PHP: memory corruption via references
An attacker can execute code by creating several references on a variable...
Webmin, Usermin: Cross Site Scripting of chooser.cgi
An attacker can use a special filename in order to generate a Cross Site Scripting in Webmin or Usermin...
MPlayer: integer overflow via DMO
While playing a DMO file, an integer overflow can occur in MPlayer and lead to code execution...
FreeBSD: invalid IP address via jail_interface
An attacker can generate an error on jail startup in order to force the system to configure an invalid address...
Cisco Catalyst: code execution via NAM
An attacker can send spoofed SNMP packets in order to obtain complete control of the system...
Cisco Catalyst: denial of service via MPLS
A local network attacker can send a malicious MPLS packet in order to stop the hardware...
Windows: memory corruption via WMF
An attacker can create a malicious WMF image that corrupts the memory of explorer...
StoneGate FW: denial of service via SNMP
A network attacker can send malicious SNMP queries in order to stop the firewall...
Debian: privilege elevation via apache 1.3.34
An attacker allowed to create an apache cgi can obtain root privileges when the daemon is restarted...
RHEL 4: denial of service during audit
A local attacker can stop the system when a file is audited...
Firefox, IE: Cross Site Scripting via an iframe and charset
When a web site does not specify its character set, an attacker can create a Cross Site Scripting attack...
NSS: overflows via SSLv2
An attacker can generate an integer overflow and a stack overflow in Mozilla Network Security Services...
Thunderbird: several vulnerabilities
Two vulnerabilities were announced in Thunderbird, the worst one leading to code execution...
Firefox, SeaMonkey: several vulnerabilities
Several vulnerabilities were announced in Firefox and SeaMonkey, the worst one leading to code execution...
Firefox: obtaining previously visited urls
An attacker can use a URI of type about:cache-entry to detect whether the user previously visited a web site...
IE: website spoofing via onUnload
An attacker can create an HTML page using the onUnload event in order to execute a script that redirects the victim to a spoofed site...
Symantec Norton AV: vulnerabilities of SupportSoft ActiveX
Four SupportSoft ActiveX controls contain vulnerabilities permitting a remote attacker to execute code...
Firefox: memory corruption via onUnload
An attacker can use the onUnload event in order to create an atomicity error when memory is freed...
IE: website spoofing via onUnload
An attacker can create an HTML page using the onUnload event in order to trap the victim in a website, and then to create spoofed content...
Firefox: script execution via a bookmark
An attacker can invite the user to bookmark a URI of type "data:" in order to execute JavaScript code in the context of another website...

   
