The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Sophos AV: privilege elevation via SAVOnAccessFilter
A local attacker can use a vulnerability of the SAVOnAccessFilter driver, in order to obtain system privileges...
Cisco Unified Contact Center Express: two vulnerabilities
An attacker can generate a denial of service or read a file via Cisco Unified Contact Center Express...
OpenView NNM: code execution
Three vulnerabilities of HP OpenView Network Node Manager can be used by a remote attacker to execute code...
IIS: code execution via Extended Protection
In a special configuration of IIS, an attacker can send a malicious query, in order to execute code in the WPI context...
Microsoft SharePoint, InfoPath: three vulnerabilities
Three vulnerabilities of Microsoft SharePoint and InfoPath can be used by an attacker to generate a Cross Site Scripting, to obtain information, or to create a denial of service...
Excel: code execution
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer...
Windows: privilege elevation via CFF
A local attacker can use an OpenType Compact Font Format font, in order to obtain system privileges...
Excel, PowerPoint, Publisher, Visio, Word: code execution via COM
An attacker can invite the victim to open a malicious Office document, in order to execute code on his computer...
Internet Explorer: multiple vulnerabilities
Several vulnerabilities of Internet Explorer lead to code execution...
IE: vulnerabilities of several ActiveX
Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code...
Windows: code execution via Media
Four Windows media components are impacted by two vulnerabilities, leading to code execution...
Windows: privilege elevation via win32k.sys
A local attacker can use three vulnerabilities of the win32k.sys driver, in order to elevate his privileges...
Linux kernel: file modification via ext4 MOVE_EXT
On an ext4 filesystem, a local attacker can use the MOVE_EXT ioctl, in order to alter a file with the AppendOnly or Immutable attribute...
Adobe Flash, Reader: code execution via AVM2
An attacker can invite the victim to display a malicious Flash document, or a PDF document containing malicious Flash data, in order to execute code on his computer...
OpenOffice.org: two vulnerabilities
An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on his computer...
Linux NFS: file corruption by rpcbind
A local attacker can create a symbolic link, in order to force Linux NFS rpcbind to corrupt a file...
CA ARCserve Backup: information disclosure
A local attacker can use a vulnerability of CA ARCserve Backup, in order to obtain information...
sudo: bypassing secure path
When sudo calls some programs, a local attacker can bypass the "secure path" feature, in order to elevate his privileges...
OpenSSL: information disclosure via EVP_PKEY_verifyrecover
When an application uses EVP_PKEY_verifyrecover(), an attacker can obtain information...
OpenSSL: memory corruption via CMS
When an application uses CMS, an attacker can corrupt the memory, in order to create a denial of service or to execute code...
ISC DHCP: denial of service via Client Identifier
A network attacker can send a malicious DHCP packet, in order to stop the ISC DHCP server...
Linux kernel: bypassing quota on ext4
On an ext4 filesystem, a local attacker can use the posix_fallocate() function, in order to create a file larger than the defined limit...
IBM DB2 9.7: four vulnerabilities
An attacker can use four vulnerabilities of IBM DB2, in order to obtain data, to create a denial of service, or to execute code...
exim: file corruption
A local attacker can corrupt a victim's file, by sending him an email managed by exim...
Joomla: several Cross Site Scripting
An attacker can use several Cross Site Scripting of the administration interface of Joomla, in order to execute privileged JavaScript code...
Ghostscript: execution of gs_init.ps
When Ghostscript is run from a writable directory, it can run malicious PostScript code...
Heimdal: denial of service via KDC and GSS-API
An authenticated attacker can send a malicious ticket or a GSS-API token, in order to stop Heimdal KDC or GSS-API applications...
FreeBSD: privilege elevation via the NFS client
A local attacker can mount a malicious NFS filesystem, in order to generate a buffer overflow, and to obtain root privileges...
FreeBSD: directory access via jail
In some FreeBSD jail usage cases, an attacker inside the jail can access to an external directory...
libopie: overflow of one byte
An attacker can use a special login name, in order to generate an overflow of one byte in applications linked to libopie, leading to a denial of service, and possibly to code execution...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 270 271 272 273 274 275 276 277 278 280 282 283 284 285 286 287 288 289 290 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1105