The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Asterisk: denial of service via INVITE
An attacker can stop Asterisk by sending a malicious INVITE message...
OpenAFS: changing file attributes
An un-authenticated network attacker can alter attributes of files shared via AFS...
OpenOffice, StarOffice: shell command execution
An attacker can create a malicious document in order to execute code on the computer of victims opening it with OpenOffice or StarOffice...
OpenOffice, StarOffice: buffer overflow of StarCalc
An attacker can create a malicious document in order to execute code on the computer of victims opening it with OpenOffice or StarOffice...
Firefox, Konqueror: scan via FTP
An attacker can create a malicious FTP site permitting him to scan the internal network of a victim using Firefox or Konqueror...
Zope: Cross Site Request Forgery
An attacker can invite an administrator to click on a link in order to carry out administrative tasks on Zope...
TrueCrypt: umounting volume
Under Linux, a local attacker can umount the volume mounted by another user...
PHP: code execution via an error handler
An attacker can generate an error during usage of a resource in order to execute code...
file: memory corruption
An attacker can create a malicious file corrupting memory of file utility...
F-Secure AV: format string attack via Management Server
An attacker can use a malicious Management Server field in order to generate a format string attack...
PHP: activating register_globals via mb_parse_str
An attacker can generate an error in order to activate register_globals...
SQL-Ledger, LedgerSMB: code execution via login
An attacker can use the authentication form in order to execute code in SQL-Ledger or LedgerSMB...
Sun Java System Web Server: information disclosure
An attacker can use a malicious URL in order to obtain information stored on the server...
libwpd, OpenOffice: integer overflows via a Word Perfect file
An attacker can create a malicious Word Perfect file in order to execute code on the computer of victims opening it with software linked with libwpd...
WebSphere AS: JSP code disclosure
IBM published a synthesis document on 4 old vulnerabilities permitting an attacker to obtain JSP source code...
PHP: double free in array_user_key_compare
An attacker can create a script indirectly using array_user_key_compare() in order to execute code with PHP rights...
WebCalendar: altering variables via noSet
An attacker can modify the noSet variable to alter some global variables...
PHP: buffer overflow of ibase_connect
An attacker can create a script using ibase_connect() or ibase_pconnect() in order to execute code...
PHP: double free of session_id
An attacker can create a script using session_id() in order to execute code with PHP rights...
PHP: double free of session_regenerate_id
An attacker can create a script using session_regenerate_id() in order to execute code with PHP rights...
Cisco: Cross Site Scripting of online help
An attacker can generate a Cross Site Scripting attack on Cisco products with online help activated...
IMP: several Cross Site Scripting
An attacker can send malicious HTML emails in order to conduct Cross Site Scripting attacks...
Horde: several vulnerabilities
The Horde environment has two vulnerabilities...
Sun Java System Web Server: access with a revoked certificate
In some cases, an attacker can access an instance even if his certificate was revoked...
Trend Micro: denial of service of UPX
An attacker can create a malicious UPX program in order to stop Trend Micro antiviruses...
Tomcat: directory traversal via a backslash
When Tomcat is configured with Apache httpd, an attacker can use a backslash to access some directories...
IE: phishing via navcancl.htm
An attacker can use res://ieframe.dll/navcancl.htm in order to generate a phishing attack...
RHEL, Fedora: file access via Xen, QEMU and VNC
On a virtualized system, with QEMU and a VNC server, an attacker can access files as root...
CUPS: denial of service via SSL
When SSL is activated, an attacker can deny users access to the service...
Linux kernel, netfilter: IPv6 fragments accepted as ESTABLISHED
IPv6 fragments are incorrectly classified as ESTABLISHED...

   
