The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Microsoft Virtual PC/Server: memory access
A program which runs inside Microsoft Virtual PC/Server can read or alter data located at reserved memory addresses...
Linux kernel: infinite loop via SCTP
An attacker can send an invalid SCTP packet, in order to create an infinite loop in the kernel...
Linux kernel: denial of service via VDSO and 64 bit
On a x86_64 processor, a local attacker can protect the VDSO page and generate a segmentation error, in order to stop the system...
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code...
phpMyAdmin: Cross Site Scripting of db_create.php
An attacker can use the database creation feature to generate a Cross Site Scripting in phpMyAdmin...
PHP: denial of service of xmlrpc
The xmlrpc_decode_request() function of PHP does not validate XML data, which forces a NULL pointer dereference...
Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel...
Windows: code execution via Notepad
An attacker can invite the victim to open a text file with Notepad, and then to press the F1 key, in order to execute code on his computer...
GNU tar, cpio: buffer overflow via rmt
An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can generate an overflow, leading to code execution...
PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL...
IE 6, 7: code execution via iepeers.dll
An attacker can create an HTML page forcing the usage of a freed memory area in iepeers.dll, which leads to code execution...
Excel: several vulnerabilities
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer...
Windows: code execution via Movie Maker and Producer
An attacker can invite the victim to open a malicious document with Windows Movie Maker or Microsoft Producer 2003, in order to generate a buffer overflow leading to code execution...
HP Performance Insight: code execution
A remote attacker can execute code in HP OpenView Performance Insight...
Samba: file access via CAP_DAC_OVERRIDE
The smbd daemon of Samba inherits the CAP_DAC_OVERRIDE capability, which can be used by an user to bypass file access restrictions...
SpamAssassin Milter: command execution
When SpamAssassin Milter expands email addresses, a remote attacker can execute commands on the system...
OpenSSL: buffer overflow via bn_wexpand
The OpenSSL library does not check the error code of the bn_wexpand() function, which can generate a denial of service, or lead to code execution...
ncpfs: two vulnerabilities
A local attacker can use two vulnerabilities of ncpfs, in order to obtain information or to create a denial of service...
FreeBSD, NetBSD, OpenBSD: denial of service of ftpd
An attacker can use the LIST command, in order to force ftpd to dereference a NULL pointer, which stops it...
Lotus Notes: integer overflow via KeyView
An attacker can send a malicious OLE document to a Lotus Notes user, and invite it to open it, in order to execute code on his computer...
CA SiteMinder: Cross Site Scripting via WebWorks Help
An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder...
Linux kernel: denial of service via hvc_console
A local attacker can use virtio_console, in order to generate a denial of service in hvc_console...
Adobe Flash: file reading
An attacker can create a malicious Flash application, which indicates file fragments to a CIFS/SMB share...
CUPS: privilege elevation via lppasswd
A local attacker can modify the LOCALEDIR environment variable, in order to generate a format string attack in lppasswd, leading to the execution of privileged code...
OpenSSL: denial of service via Kerberos
When OpenSSL supports the Kerberos key exchange, and when the server application is in a chroot jail, an attacker can send a special ClientHello message, in order to stop the application...
Opera: memory corruption via Content-Length
An attacker can generate an HTTP answer containing a long Content-Length header, in order to corrupt the Opera memory, which leads to a denial of service or to code execution...
Cisco Unified Communications Manager: denials of service
An attacker can use SCCP, SIP or CIT messages, in order to generate denials of service on Cisco Unified Communications Manager...
Apache httpd: information disclosure via SubRequest
When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can be returned to another user...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 264 265 266 267 268 269 270 271 272 274 276 277 278 279 280 281 282 283 284 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1103