The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Ruby: several vulnerabilities
Several vulnerabilities of Ruby allow an attacker to bypass authentication, to use a Cross Site Scripting attack or to create a denial of service...
teTeX: vulnerabilities of dvips and dviljk
An attacker can use several vulnerabilities of teTeX tools in order to execute code or to obtain information...
Windows: weakness in random generator
An unprivileged local attacker can rebuild the state of the Windows pseudo-random number generator...
MySQL: denial of service via CONTAINS
An authenticated attacker can use a SQL query with CONTAINS in order to stop the database...
PCRE: overflow of regular expressions
When an attacker can change the regular expression used by a program, he can corrupt its memory in order to, for example, execute code...
Linux kernel: denial of service of tcp_sacktag_write_queue
An attacker can send a packet with SACK in order to create a denial of service...
Linux kernel: denial of service of wait_task_stopped
A local attacker can create a denial of service via an error of wait_task_stopped()...
Firefox, Netscape: spoofing via subjectAltName dNSName
An attacker can create an SSL certificate using the subjectAltName:dNSName extension, whose warning dialog will not be displayed...
Microsoft Jet: buffer overflow via Access
An attacker can use a buffer overflow of Microsoft Jet Database Engine to run code on the computer...
FLAC: several vulnerabilities
Several memory corruptions of FLAC permit an attacker to execute code on the victim's computer...
WebSphere AS 5.1.1: Cross Site Scripting of Expect
An attacker can create a Cross Site Scripting attack via the Expect header...
Samba: vulnerabilities of nmbd
Two vulnerabilities of nmbd permit a remote attacker to create a denial of service or to execute code...
nss_ldap: user data inversion
In some situations, nss_ldap can return data about another user...
PEAR MDB2: url insertion
By design, the PEAR MDB2 module inserts the content of URLs in the database...
IBM WebSphere MQ: several memory corruptions
A remote attacker can exploit 6 corruptions in IBM WebSphere MQ 6.0...
Linux kernel: buffer overflow of CIFS VFS
A malicious CIFS server can create an overflow in the CIFS client of the kernel...
Oracle DB: access during installation
An attacker can connect as SYS or SYSTEM during installation of the database...
Windows DNS: predictability of query ids
An attacker can predict query ids in order for example to poison the DNS server cache...
Novell Client: privilege elevation via NWFILTER.SYS
A local attacker can execute code in the kernel via a vulnerability of NWFILTER.SYS...
Oracle DB: privilege elevation via BECOME USER
An attacker with the DBA or IMP_FULL_DATABASE role can become SYSDBA...
Link Grammar: buffer overflow of separate_sentence
An attacker can create a malicious document in order to execute code on the computers of Link Grammar users...
Ruby: incorrect validation of SSL certificate
Several Ruby libraries do not check the real name of remote server...
Thomson SpeedTouch: several vulnerabilities
Several vulnerabilities of Thomson SpeedTouch permit an attacker to create Cross Site Scripting attacks or to elevate his privileges...
phpMyAdmin: Cross Site Scripting of database name
An attacker can create two Cross Site Scripting attacks in phpMyAdmin...
WinPcap: privilege elevation
A local attacker can elevate his privileges or create a denial of service via WinPcap...
Plone: code execution via statusmessages and linkintegrity
An attacker can use special data in order to execute code in the statusmessages and linkintegrity modules of Plone...
PCRE: integer overflows of regular expressions
When an attacker can change the regular expression used by a program, he can corrupt its memory in order to, for example, execute code...
inotify-tools: buffer overflow of inotifytools_snprintf
An attacker can create an overflow in programs linked to the libinotifytools library...
Django: denial of service
An attacker can use the Accept-Language header in order to create a denial of service in Django...