The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Adobe Shockwave Player: code execution
An attacker can invite the victim to display a page containing a malicious Shockwave application, in order to execute code on his computer...
Cisco IronPort Desktop Flag: unencrypted email sent
When the user wants to encrypt several emails via the Cisco IronPort Desktop Flag plug-in for Microsoft Outlook, only the first one is encrypted...
OpenView NNM: code execution
Six vulnerabilities of HP OpenView Network Node Manager can be used by a remote attacker to execute code...
Microsoft Office: code execution via Visual Basic for Applications
An attacker can invite the victim to open an Office document containing VB code and an ActiveX, in order to execute code on his computer...
Outlook Express, Windows Mail: code execution
An attacker can setup a malicious POP/IMAP server, and invite the victim to connect with Outlook Express or Windows Mail, in order to execute code on his computer...
HP Performance Center Agent: code execution
A non authenticated attacker can connect to HP Performance Center Agent running on Windows, in order to execute code...
Antivirus: bypassing SSDT Hooking
When an antivirus redirects the SSDT to detect viruses, a local attacker can use an atomicity error, in order to bypass this protection...
teTeX: several vulnerabilities of dvips and dvipng
An attacker can create a malicious DVI file and invite the victim to open it with teTeX tools, in order to create a denial of service and possibly to execute code...
PCRE: buffer overflow
When the attacker can change a PCRE regular expression, he can generate an overflow in an application using the PCRE library, leading to a denial of service and possibly to code execution...
Wireshark: denial of service via DOCSIS
An attacker can send a DOCSIS packet to a network captured by Wireshark, or invite the victim to open a capture containing a DOCSIS packet, in order to stop Wireshark...
RealVNC: denial of service via ClientCutText
An authenticated attacker can send the ClientCutText message to RealVNC, in order to stop it...
Exchange, Windows: DNS poisoning
An attacker can poison the DNS cache of Microsoft Exchange Server and Windows SMTP Service...
PHP: several vulnerabilities
Several PHP vulnerabilities can be used by an attacker to obtain information, to create a denial of service or possibly to execute code...
PHP: integer overflow of dechunk
An attacker can generate an integer overflow in the PHP filter reassembling HTTP chunk encoded data...
WebSphere AS 7: eleven vulnerabilities
An attacker can obtain information or generate a denial of service via Websphere Application Server...
WebSphere AS 7: three vulnerabilities
An attacker can generate a Cross Site Scripting, create a denial of service or obtain information via Websphere Application Server...
Opera: memory corruption via asynchronous modifications
An HTML page can contain JavaScript code changing the document asynchronously, in order to corrupt the memory of Opera, which leads to a denial of service, and possibly to code execution...
Linux kernel: memory access via PowerPC KGDB
When the kernel is compiled with the KGDB support, and when it runs on a PowerPC processor, a local attacker can write in all memory pages...
Microsoft SharePoint Server: Cross Site Scripting via help.aspx
An attacker can use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting...
WebSphere MQ: denial of service via Channel Control
An authenticated attacker can send malicious Channel Control data, in order to stop the channel process of WebSphere MQ...
Linux kernel: denial of service via SCTP
An attacker can send a malformed SCTP packet, in order to stop the kernel...
Xorg: memory corruption via the Render extension
A local attacker can generate an error in the Render extension of Xorg, in order to stop the service and possibly to execute code with root privileges...
Linux kernel: denial of service via find_keyring_by_name
A local attacker can use keyctl, in order to force the kernel to use an invalid memory area, which stops it...
Linux kernel: memory corruption via GFS2
A local attacker can manipulate files on a GFS2 filesystem, in order to create a denial of service and possibly to execute code...
OpenBSD: denial of service via pfsync with IPSEC
When the OpenBSD kernel is compiled with IPSEC, the replication of tunnels by pfsync stops the system...
JBoss Enterprise Application Platform: three vulnerabilities
An attacker can use three vulnerabilities of JBoss Enterprise Application Platform, in order to access to the console or to obtain sensitive information...
NetBSD: disabled amd64 NX
On an amd64 processor, the NetBSD kernel does not manage the NX bit, so an attack can be easier...
Joomla: four vulnerabilities
Four vulnerabilities of Joomla! can be used by a attacker in order to modify data or obtain information, or to access to an account...
IBM DB2 9.1: two vulnerabilities
An attacker can use two vulnerabilities of IBM DB2, in order to obtain data, to create a denial of service, or to execute code...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 268 269 270 271 272 273 274 275 276 278 280 281 282 283 284 285 286 287 288 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1102