The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
3 Oracle Database: several vulnerabilities of July 2010
Several vulnerabilities of Oracle Database are corrected by the CPU of July 2010...
3 Outlook: code execution via SMB
An attacker can send an email with an attachment pointing to a SMB server, in order to execute a program via Microsoft Office Outlook...
4 Access, IE: code execution via two ActiveX
An attacker can use two ActiveX controls installed by Microsoft Office Access, in order to execute code...
3 Ghostscript: buffer overflow of BaseFont
An attacker can invite the victim to open a malicious PDF file with Ghostscript, in order to execute code on his computer...
1 GNU gv: file corruption
A local attacker can create a symbolic link, when GNU gv calls gs to display a PDF file, in order to corrupt the file pointed to by the link...
2 FreeBSD, NetBSD: integer overflows of netsmb
When the netsmb module is enabled on FreeBSD/NetBSD, a local attacker can generate overflows, in order to create a denial of service or to elevate his privileges...
2 FreeBSD: file corruption via mbuf
A local attacker can use the sendfile() function, which uses mbufs, in order to corrupt readable files...
3 iscsitarget, iscsi-scst, tgt: buffer overflow
An attacker can generate a buffer overflow in SCSI Enterprise Target products, in order to create a denial of service or to execute code...
2 Cacti: several Cross Site Scripting
Several Cross Site Scripting vulnerabilities in Cacti can be used by an attacker in order to execute JavaScript code in the context of the web site...
2 Apache Tomcat: session tampering via Transfer-Encoding
An attacker can use the HTTP Transfer-Encoding header, in order to tamper with Apache Tomcat sessions...
2 Linux kernel: changing GFS2 ACL
A local attacker can change ACLs of GFS2 files, in order to access them...
2 Exchange 2007: Cross Site Request Forgery of OWA
An attacker can invite the victim to view a malicious HTML page, while he is authenticated to the Exchange OWA webmail, in order to access his mail account...
3 Cisco IE 3000: default SNMP communities
The Cisco Industrial Ethernet 3000 product has two SNMP community names allowing read/write access...
2 Panda AV, IS: buffer overflow of RKPavProc.sys
A local attacker can generate a buffer overflow in the Panda RKPavProc.sys driver, in order to obtain system privileges...
2 Linux kernel: denial of service via NFS read_buf
When the NFSd service is enabled in the Linux kernel, an authenticated remote attacker can stop the kernel...
2 FastJar: file extraction outside current directory
An attacker can create a malicious jar archive, and invite the victim to open it with FastJar, in order to create files outside the current directory...
2 RPM: no reset of file privileges
When the rpm command updates a package, suid/sgid bits and POSIX capabilities are not reset on files cloned by a hard link...
2 Avahi: denial of service via DNS
An attacker can send a malformed DNS packet, in order to stop the Avahi daemon...
1 Sun Java Web Server: denial of service of the administration interface
When an attacker is allowed to connect to the port of the web administration interface of Sun Java Web Server, he can send a malicious HTTP query in order to stop the service...
2 Windows: buffer overflow of UpdateFrameTitleForDocument
An attacker can invite the victim to open a document with an application which changes the title of the window with UpdateFrameTitleForDocument(), in order to execute code on his computer...
3 IIS: authentication bypass via Index_Allocation
An attacker can use an Alternate Data Stream, in order to access files located in a directory protected by an IIS authentication...
2 Cisco CSS, ACE: bypassing certificate authentication
An attacker can add HTTP headers, in order to bypass the certificate authentication of Cisco Series Content Services and Cisco Application Control Engine...
2 Windows: privilege elevation via NtUserCheckAccessForIntegrityLevel
A local attacker can use the NtUserCheckAccessForIntegrityLevel() system call, in order to create a denial of service or to execute code with system privileges...
2 Cisco ASA: several vulnerabilities
An attacker can use several Cisco ASA vulnerabilities, in order to generate a denial of service or to bypass access restrictions...
4 Adobe Reader, Acrobat: code execution
An attacker can create a malicious PDF document, in order to execute code on the computer of victims opening this document...
2 Citrix XenServer: denial of service via pvops
An attacker located in a Citrix XenServer guest system can use some system calls to stop the host...
1 MySQL: denial of service via ALTER DATABASE
A local attacker with the ALTER DATABASE privilege on a database can create a denial of service on all databases...
2 Linux kernel: buffer overflow of ETHTOOL_GRXCLSRLALL
An attacker can generate a buffer overflow in ETHTOOL_GRXCLSRLALL, in order to create a denial of service or to execute code...
3 libpng: two vulnerabilities
An attacker can invite the victim to display a malicious PNG image, in order to generate a denial of service or to execute code in applications linked to libpng...
2 Cisco ASA: HTTP Response Splitting
An attacker can invite the victim to click on a malicious URL, in order to inject HTTP headers in the reply of the Cisco ASA web site...

   
