The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Firefox 2.0: several vulnerabilities
Several vulnerabilities were announced in Firefox 2.0, the worst one leading to code execution...
Solaris: denial of service of inetd
A local attacker can stop the inetd service...
Solaris: denial of service of in.iked
A local or remote attacker can stop the in.iked daemon...
file: integer overflow
An attacker can create a malicious file corrupting the memory of the file utility...
Firefox: installing malicious extensions
An attacker can alter a DNS server in order to force Firefox to replace an extension by a malicious update...
Apache httpd: denials of service
An attacker who can execute code in a process of the prefork MPM module can generate three denials of service...
OTRS: Cross Site Scripting of Subaction
An attacker can exploit a Cross Site Scripting attack using the Subaction parameter of OTRS...
Sun Java System Web Proxy Server: buffer overflows of socks
An unauthenticated attacker can execute code on Sun Java System Web Proxy Server using overflows of SOCKS...
Symantec ESM: denial of service via a scan
An attacker can scan some Symantec ESM ports in order to overload the processor...
Solaris: denial of service of NFS via acl
A network attacker can stop the system using a malicious NFS query...
Net-SNMP: denial of service via sub-agentx
A malicious sub-agentx can prematurely disconnect its TCP session in order to generate an error in the master-agentx...
Linux kernel: information leak on GEODE-AES
On an AMD GEODE LX processor, a local attacker can obtain sensitive information...
GForge: command execution via CVS plugin
An attacker can use a special URL in order to inject shell commands in the CVS plugin of GForge...
Sun Java System Messaging: Cross Site Scripting of errorHTML
An attacker may execute JavaScript code in the browser of a user, by using a malicious email...
Avast antivirus: memory corruption via a CAB or SIS file
An attacker can create a malicious CAB or SIS file leading to code execution on antivirus...
teTeX: buffer overflow of makeindex
An attacker can invite the victim to open a malicious file with teTeX in order to generate an overflow on the computer...
IIS: reading files via Hit-highlighting
An attacker can use the Hit-highlighting feature in order to access files protected by an authentication or by an IP address restriction...
Cisco IOS: denials of service of SSL
A malicious SSL client can generate a denial of service by sending incorrect messages...
Cisco, RSA BSAFE: denial of service via ASN.1
An attacker can use a malicious ASN.1 encoding in order to generate a denial of service in applications linked to RSA BSAFE Crypto-C and Cert-C...
FreeType: integer overflow via TTF
An attacker can create a TTF font file leading to an integer overflow in FreeType...
MySQL: information disclosure via PARTITION
A local attacker, without SELECT privilege on a table, can obtain values of its columns...
Mutt: buffer overflow via GECOS field
In some cases, a local attacker can execute code when a user runs Mutt...
Norton Internet Security: buffer overflow of ISAlertDataCOM
An attacker can generate an overflow in the ISLALERT.DLL ActiveX...
MySQL: renaming a table without DROP privilege
An attacker can rename a table even if he does not have the DROP privilege...
MySQL: privilege elevation via INVOKER
An attacker can execute a procedure with INVOKER attribute in order to elevate his privileges in another database...
Linux kernel: overflow of dn_fib_props and fib_props
A local attacker can create an overflow in dn_fib_props and fib_props arrays in order to create a denial of service, and eventually to elevate his privileges...
libpng: denial of service via tRNS
An attacker can create a PNG image containing an invalid tRNS chunk in order to stop applications linked to libpng...
Vixie cron: denial of service via a link
A local attacker can create a hard link in order to stop Vixie-cron...
Tomcat JK Connector: access to a protected application
An attacker can use a double URL encoding in order to access a protected application...

   
