The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Microsoft Virtual PC/Server: privilege elevation
An attacker in a guest system can execute privileged code in his guest system of Microsoft Virtual PC/Server...
ISA 2006: bypassing the Radius OTP authentication
In some configurations, an attacker knowing a username can access resources protected by ISA Server 2006...
Office Publisher: code execution
An attacker can invite the victim to open a malicious Office Publisher file in order to execute code on his computer...
Windows, IE: code execution via Embedded OpenType Font
An attacker can create a web page containing a malicious Embedded OpenType Font leading to code execution...
Windows: code execution via DirectShow
Three vulnerabilities of DirectShow can be used by an attacker to execute code on the victim's computer...
Microsoft Office Web Components: memory corruption
An attacker can invite the victim to view an HTML page in order to corrupt the memory of a Microsoft Office Web Components ActiveX, leading to code execution...
Retina Network Security Scanner: buffer overflow of RWS
An attacker can invite the victim to open a malicious RWS file with Retina Wireless Scanner in order to execute code...
Apache httpd: denial of service of mod_deflate
An attacker can force the mod_deflate module of Apache httpd to consume CPU resources...
AIX: buffer overflow of syscall
A local attacker can generate two buffer overflows in system calls under AIX, in order to elevate his privileges...
OpenSolaris: file reading via xscreensaver
A local attacker can create a symbolic link in order to read a local file via a vulnerability of xscreensaver...
MySQL: format string attack via CREATE_DB/DROP_DB
A local attacker, with the privilege to create or drop a database, can generate a format string attack in MySQL in order to execute code with rights of the daemon...
Citrix XenCenterWeb: several vulnerabilities
An attacker can execute JavaScript, SQL or shell code via several Citrix XenCenterWeb vulnerabilities...
Socks Server: malicious request sending
An attacker can send a malicious query to Socks Server, so that it will send another malicious query...
Perl IO-Socket-SSL: incorrect check of the certificate
An attacker can set up a client or a server with a malicious SSL certificate, which is not detected by the IO::Socket::SSL module for Perl...
TCP: denial of service Nkiller2
An attacker can use TCP windows with a zero size in order to overload a TCP server...
OpenSolaris: denial of service via proc
A local attacker on an x86 processor can use /proc in order to stop the system...
IE: buffer overflow of Microsoft Video Control MPEG2TuneRequest
An attacker can invite the victim to view an HTML page in order to generate an overflow in the Microsoft Video Control MPEG2TuneRequest ActiveX, leading to code execution...
Sun Web Server: reading JSP code
When Sun Java System Web Server is installed under Windows, an attacker can use a special query in order to read the source code of JSP pages...
TYPO3: redirect with jumpUrl
An attacker can use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern...
Solaris: file altering via Lightweight Availability Collection Tool
A local attacker can use a symbolic link in order to force Lightweight Availability Collection Tool to corrupt a file...
Apache httpd: denial of service of mod_proxy
An attacker can use a malicious query in order to generate a denial of service of mod_proxy in reverse proxy mode...
Solaris: bypassing nfs_portmon
An NFSv4 client can bypass the nfs_portmon directive in order to connect to the server...
Solaris: denial of service via UDP and TE
When Solaris Trusted Extensions are enabled and when some patches are installed, an attacker can use UDP packets to stop the system...
phpMyAdmin: Cross Site Scripting of bookmark
An attacker can use the bookmark feature to generate a Cross Site Scripting in phpMyAdmin...
HP-UX: denial of service via ONCplus NFS
A local attacker can create a denial of service on the NFS component of ONCplus...
phpMyAdmin: Cross Site Scripting of db
An attacker can use the db parameter to generate a Cross Site Scripting in phpMyAdmin...
Joomla: several vulnerabilities
An attacker can execute JavaScript code in the context of the web site, or obtain internal information on Joomla...
Linux kernel: denial of service via KVM and CR3
An attacker inside a KVM guest system can use the CR3 register in order to generate a denial of service...

   
