The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Office: buffer overflow of MSO.DLL
An attacker can invite the victim to open a malicious Microsoft Office file, in order to execute code on his computer...
Windows: code execution via DirectShow and AVI
An attacker can create a malicious AVI file, in order to execute code on computers of victims seeing the video...
Windows, IE: command execution via an url
An attacker can invite the victim to click on a url, in order to execute a program located on his computer...
Windows: code execution via the SMB client
An attacker can invite the victim to connect to a malicious SMB/CIFS share, in order to execute code on his computer...
Windows Vista, 2008: vulnerabilities of TCP/IP
An attacker can use 4 vulnerabilities of TCP/IP, in order to generate a denial of service or to execute code on Windows Vista and 2008...
Linux kernel: privilege elevation via KVM
An attacker located inside a KVM guest system can execute privileged assembler instructions, on a multiprocessor system...
Linux kernel: memory access in KVM
An attacker located inside a KVM guest system can read or access memory with elevated privileges...
QEMU KVM: buffer overflow of usb_host_handle_control
An attacker inside a KVM guest system can access to an USB device, in order to generate an overflow in usb_host_handle_control() leading to a denial of service and possibly to code execution...
libcurl: buffer overflow via uncompression
An attacker, who owns a web server, can return data compressed with Deflate (zlib), in order to generate an overflow in applications linked to libcurl...
Linux kernel: denial of service via PI State
A local attacker can create a multithreaded program using the Priority Inheritance, in order to stop the kernel...
GNOME: unlocking gnome-screensaver
A local attacker can unplug a screen, in order to stop gnome-screensaver...
Linux kernel: memory reading via sys_move_pages
A local attacker can use the move_pages() system call, in order to read kernel memory pages...
HP Operations Agent: user access on Solaris
When HP Operations Agent is installed on Solaris 10, an attacker can login to the operator account...
Samba: corruption of mtab via mount.cifs
A local attacker can use the mount.cifs command, in order to inject invalid characters in the /etc/mtab file...
Oracle Database: privilege elevation via DBMS_JVM/DBMS_JAVA
An attacker, authenticated on an Oracle database, can call procedures of DBMS_JVM_EXP_PERMS and DBMS_JAVA, in order to execute commands with system privileges...
Samba: exiting the root directory
In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root...
WebSphere AS: SSL not used for SSO
When the Single Sign-On authentication of WebSphere is configured to enforce SSL, the session does not use SSL...
ModSecurity: denials of service
An attacker can generate several denials of service in the ModSecurity module for Apache httpd...
OpenSolaris: user access via kclient or smbadm
An attacker can guess the password used by kclient or smbadm...
GNOME: buffer overflow of gmime
An attacker can use long data, in order to generate an overflow when they are encoded with UUencode by gmime...
fetchmail: buffer overflow in verbose mode
When fetchmail is used in verbose mode, an attacker can create an X.509 certificate with special characters, in order to generate a buffer overflow...
XenServer: execution of functions of XAPI
An unauthenticated attacker can call some functions of XAPI...
IE: file reading
Two vulnerabilities of Internet Explorer can be used by a remote attacker in order to read the content of files located on victim's computer...
Linux kernel: denial of service via connector
A local attacker can force the connector driver to use all system memory, which halts the system...
NetBSD: denial of service via azalia/hdaudio
A local attacker can query the azalia and hdaudio drivers, in order to stop the system...
Thunderbird, Webmail: read detection via DNS Prefetch
An attacker can send an HTML email containing a link to a customized domain name, in order to detect if the victim read the message...
Asterisk: memory corruption via T.38
An attacker can send to Asterisk an INVITE SIP query, with a T.38 SDP, in order to stop it, or possibly to execute code...
Linux kernel: denial of service of KVM via /dev/port
In a KVM guest system, an attacker can access to /dev/port, in order to stop the system...
OpenBSD: infinite loop of ptrace
A local attacker can use ptrace() on an ancestor process, in order to generate an infinite loop...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 262 263 264 265 266 267 268 269 271 273 274 275 276 277 278 279 280 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1104