The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
util-linux: privilege elevation via mount or umount
The mount and umount programs do not correctly drop their privileges when an external helper is called...
Java JRE, Flash: bypassing DNS pinning
An attacker can create an HTML page calling a plugin and bypassing the DNS pinning protection included in web browsers...
IE, Firefox, Opera: bypassing DNS pinning
An attacker can create an HTML page bypassing the DNS pinning protection included in web browsers...
Cisco IOS: buffer overflow of LPD
An attacker allowed to change the router's name can generate an overflow in LPD in order to execute code...
CiscoWorks: default password during conversion from WLSE to WCS
The utility to convert from CiscoWorks Wireless LAN Solution Engine to Cisco Wireless Control System does not force the administrator to change the Linux root password...
IE: vulnerabilities of several ActiveX of October 2007
Several ActiveX controls permit a remote attacker to generate a denial of service or to execute code...
HP-UX: Cross Site Scripting of SMH
An attacker can generate a Cross Site Scripting in System Management Homepage...
Solaris: denial of service of labeld
Two vulnerabilities of the labeld daemon permit a local attacker to stop the Trusted Extensions service...
Solaris 10: denial of service via VFS
A local attacker can overload system memory, which creates a denial of service on the computer...
Nagios Plugins: buffer overflow via check_http
A remote attacker with access to a compromised web server can run code on a Nagios Server using Nagios Plugins...
libpng: multiple denials of service
Several errors in the libpng library can permit an attacker to create a denial of service in applications using the libpng library...
libpng: denial of service via png_set_iCCP
A local attacker can create a denial of service of an application using libpng...
OpenBSD dhcpd, ISC DHCPv2: buffer overflow
An attacker on the local network can configure his DHCP client maliciously in order to create a buffer overflow in dhcpd...
Word: code execution
An attacker can create a malicious Word document leading to code execution when it is opened...
SharePoint: Cross Site Scripting
An attacker can create a Cross Site Scripting in order to execute script with the privileges of a user connected to the SharePoint service...
Windows: denial of service of RPC via NTLM SSP
An attacker can use an invalid NTLM authentication in order to stop the RPCSS service and force the system to reboot...
Internet Explorer: several vulnerabilities
Several vulnerabilities of Internet Explorer lead to code execution and to address bar spoofing...
Outlook Express, Windows Mail: buffer overflow via NNTP
An attacker can set up a malicious NNTP server in order to execute code on the computers of victims who connect to this server...
Windows: memory corruption via a Kodak image
An attacker can create a malicious Kodak/TIFF image in order to execute code when it is displayed in the web browser or in an email...
Solaris: denial of service of the system console
A local attacker without privileges can render the console unusable for all users...
Opal: denial of service via a SIP packet
A remote attacker can create a denial of service of an application using the Opal library by sending a malicious SIP packet...
PWLib: memory corruption via vsprintf
A memory management error in the vsprintf() function can lead to memory corruption in applications using the PWLib library...
Gforge: Cross Site Scripting in verify.php
An attacker can generate a Cross Site Scripting attack in the verify.php script of Gforge...
Java JDK/SDK/JRE: multiple vulnerabilities
Several vulnerabilities of the Java JDK/SDK/JRE environment permit an attacker to access files or to create network connections...
nfsidmap: incorrect user association
The NFSv4 ID mapper can indicate that a file is owned by root instead of nobody...
Solaris: reading memory via named pipes
A local attacker can create a named pipe and read its data in order to obtain fragments of system memory...

   
