The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
IBM Tivoli Storage Manager Client: vulnerabilities
Two vulnerabilities affect IBM Tivoli Storage Manager clients...
HP-UX: incorrect display of logins
The logins command incorrectly displays the status of a user's password, which may hide issues from the administrator...
Norton Internet Security, Outpost, ZoneAlarm: corruption via SSDT hooking
A local attacker can create a denial of service or corrupt memory of some software incorrectly implementing SSDT hooking...
Avahi: denial of service via D-Bus
A local attacker can stop the Avahi daemon by using a special D-Bus message...
Cacti: denials of service
An attacker can use graph_* parameters of graph_image.php in order to generate a denial of service...
OpenOffice: code execution via TIFF
An attacker can create a malicious TIFF image in order to generate an overflow in OpenOffice leading to code execution...
QuickTime: command execution via chrome
An attacker can create a malicious multimedia document, leading to code execution when it is opened in QuickTime...
NetBSD: denial of service via vga_allocattr
A local attacker can use an ioctl with negative parameters in order to force the vga_allocattr() function to read at invalid memory addresses...
MPlayer, mympc, KMPlayer: vulnerabilities of AVI
An attacker can use several vulnerabilities of AVI players in order to generate a denial of service or to execute code...
Qt: buffer overflow of QUtf8Decoder
An attacker can create an overflow when UTF-8 data are decoded by an application linked to Qt...
Lighttpd: data corruption of mod_fastcgi
An attacker can use a long HTTP header in order to force the mod_fastcgi module of Lighttpd to corrupt its data...
Apache httpd: Cross Site Scripting of mod_autoindex
When mod_autoindex is activated, an attacker can generate a Cross Site Scripting attack...
PHP: bypassing open_basedir via mysql
An attacker can bypass restrictions imposed by open_basedir using the mysql extension...
Windows: code execution via MSN Messenger
An attacker can execute code on the computer of a victim who accepts a video invitation via MSN Messenger or Windows Live Messenger...
Windows: privilege elevation via SFU
A local attacker can run a program with the suid bit in order to elevate his privileges...
Visual Studio: buffer overflow of Crystal Reports
An attacker can create a malicious RPT file in order to generate an overflow when it is opened by Microsoft Visual Studio or Business Objects Crystal Reports...
Microsoft Agent: buffer overflow via a URL
An attacker can use a malicious URL leading to code execution in Microsoft Agent...
Samba: privilege elevation via winbind nss info
When "winbind nss info" is configured, a primary group of zero is assigned to the user...
QGit: file corruption
A local attacker can create a symbolic link in order to create or alter a file with the rights of QGit users...
Quagga: denial of service of bgpd
A peer can send a malicious OPEN or COMMUNITY message in order to stop the bgpd daemon...
WebSphere AS 6.1.0: several vulnerabilities
Several vulnerabilities of WebSphere AS permit an attacker to obtain information, to create denial of service or to attack the service...
X.Org X Server: buffer overflow of Composite extension
A local attacker can elevate his privileges by generating an overflow in the Composite extension of X.Org X Server...
GForge: SQL injection
An attacker can inject SQL commands in a PHP script of GForge...
Sophos AV: evasion via CAB, LZH and RAR
An attacker can create a CAB, LZH or RAR archive containing a virus which is not detected by the antivirus...
Sophos AV: Cross Site Scripting via ZIP
An attacker can create a Cross Site Scripting on Sophos client in order to execute code on victim's computer...
Firefox, Thunderbird: command execution via mailto, nntp, news and snews
An attacker can use mailto, nntp, news and snews URIs to execute commands under Windows...
Cisco PIX/ASA: password logging
When an administrator tests AAA, the login and password are logged in clear text...
Symantec AV, Norton AV, IS, PF: memory corruption via SymTDI.sys
A local attacker can use the SymTDI.sys driver in order to create a denial of service, and eventually elevate his privileges...
Visual Basic 6: buffer overflow via VBP
An attacker can create a malicious VBP project generating an overflow when it is opened...
AIX: several vulnerabilities
Several vulnerabilities permit a local attacker to elevate his privileges...

   
