The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Linux kernel: reading memory via setsockopt on L2CAP or HCI
A local attacker can read a memory fragment via setsockopt() on a L2CAP or HCI socket...
WebCalendar: Cross Site Scripting of export_handler.php
An attacker can use the format parameter of WebCalendar in order to generate a Cross Site Scripting attack...
ZoneAlarm: memory corruption of srescan.sys
A local attacker can use two IOCTL in order to corrupt memory via the srescan.sys driver...
OpenSSH: account enumeration via S/Key
When S/Key is activated on OpenSSH, an attacker can detect valid login names...
PostgreSQL: privilege elevation via search_path
An attacker can store a malicious function in search_path, then call a SECURITY DEFINER function, in order to execute his function with privileges of another user...
HP-UX: denial of service of sendmail
An attacker can generate an infinite loop in sendmail...
Nortel VPN Router: 3 vulnerabilities
Three vulnerabilities affect Nortel VPN Router, the worst one permits a remote access...
Windows: buffer overflow via an HLP file
An attacker can create a malicious HLP file and invite victim to open it to execute code on his computer...
BMC Patrol, Performance Manager: two vulnerabilities
Two vulnerabilities affect BMC Patrol and Performance Manager...
Sun Java Web Console: format string attack
A network attacker can exploit a format string attack in Sun Java Web Console in order to execute code...
ProFTPD: incorrect authentication with several Auth API
When several authentication API are configured, an attacker can combine their parameters to authenticate...
McAfee VirusScan: overflow with a long filename
On a multi-byte system, a buffer overflow occurs in McAfee On-Access scanner during the analysis of a file with a long filename...
Oracle AS: several vulnerabilities of April 2007
Several vulnerabilities are corrected by CPU of April 2007...
Oracle Database: several vulnerabilities of April 2007
Several vulnerabilities are corrected by CPU of April 2007...
Windows: DNS cache corruption via a forwarder and a birthday attack
An attacker can combine two vulnerabilities to more easily poison Windows DNS service cache...
Windows: DNS cache corruption via a forwarder
Windows DNS server does not check if answers from forwarders are authoritatives...
Linux kernel: replaying IPSec packets
In some cases, an attacker can replay IPSec packets...
ZoneAlarm: memory corruption via NtCreateKey and NtDeleteFile
A local attacker can use NtCreateKey() and NtDeleteFile() functions in order to generate a denial of service, and eventually to execute code...
ClamAV: vulnerabilities of CHM, CAB and PDF
An attacker can create CHM, CAB and PDF files leading to denials of service or to code execution on ClamAV...
Solaris: denial of service via IP fragments
An attacker can send numerous IP fragments in order to overload system...
Cisco WLC, LWAPP: several vulnerabilities
An attacker can generate denials of service or code execution in Cisco Wireless LAN Controller and Cisco Lightweight Access Points...
Windows: buffer overflow of DNS service
An attacker can use RPC to create an overflow in DNS service...
Ipsec-tools: denial of service
An attacker can send a DELETE or NOTIFY message in order to create a denial of service...
FreeRADIUS: denial of service via Diameter
An attacker can create a memory leak via a malformed RADIUS query...
Quagga: denial of service of bgpd
A peer can send an UPDATE message in order to stop bgpd daemon...
mod_perl: denial of service of PATH_INFO
An attacker can use a special uri in order to overload web server...
OpenLDAP: connexion as root via ldapi
Under HP-UX, AIX and Solaris, a local attacker can connect as root via ldapi...
Apache httpd: several vulnerabilities of suEXEC
In some particular cases, vulnerabilities of suEXEC permit a local attacker to elevate his privileges or to create files...
Windows: privilege elevation via VDM Zero Page
A local attacker can alter the zero page in order to elevate his privileges on systems with a x86 processor...

   

Direct access to page 1 21 41 61 81 101 121 141 161 172 173 174 175 176 177 178 179 180 182 184 185 186 187 188 189 190 191 192 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1080