History of vulnerabilities analyzed by Vigil@nce:

Windows Media Player: code execution
An attacker can invite the victim to reload a multimedia document from Internet Explorer or Firefox, in order to execute code on his computer...

Windows: code execution via comctl32.dll and SVG
An attacker can invite the victim to open a malicious SVG image, in order to execute code in comctl32.dll...

Excel: multiple vulnerabilities
An attacker can invite the victim to open a malicious document with Excel, in order to execute code on his computer...

Word: multiple vulnerabilities
An attacker can invite the victim to open a malicious document with Word, in order to execute code on his computer...

Windows: privilege elevation via OpenType
An attacker can use an OpenType Font, in order to obtain system privileges...

Microsoft .NET: code execution via JIT
An attacker can create a malicious .NET application executing code in the JIT compiler...

Windows: code execution via Embedded OpenType Font
An attacker can create a Web or Office document containing a malicious Embedded OpenType Font, and then invite the victim to display it, in order to execute code on his computer...

Windows Media Player: code execution via Network Sharing Service
When Windows Media Player Network Sharing Service is enabled, an attacker can send malicious RTSP data, in order to corrupt the memory, which leads to code execution...

Windows: several vulnerabilities of kernel
Several vulnerabilities of the Windows kernel can be used by a local attacker to create a denial of service or to elevate his privileges...

SharePoint: Cross Site Scripting
An attacker can inject script code in a SharePoint site using the SafeHTML method to filter data...

Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...

Opera: five vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to execute JavaScript code on his computer or to read information...

Microsoft Visio 2007: code execution via DLL Preload
An attacker can use a malicious mfc80esn.dll DLL in order to execute code in Microsoft Visio...

ZODB: denial of service on Mac OS X
When Zope Object Database is installed on Mac OS X, an attacker can interrupt the network session, in order to stop the service...

Joomla: Cross Site Scripting
An attacker can use HTML entities, in order to generate a Cross Site Scripting in Joomla...

Samba: denial of service via NetBIOS
An attacker can send a malicious NetBIOS packet, in order to stop Samba...

Windows: buffer overflow in LPC SendRequest
A local attacker can create a buffer overflow in the LPC SendRequest() function, in order to create a denial of service, and possibly to elevate his privileges...

Xpdf: three vulnerabilities
An attacker can create a malicious PDF document leading to a denial of service and possibly to code execution, on computers of users opening it with Xpdf, or its derivatives...

libc, glibc: denial of service via glob
An attacker can use a special file path, in order to force the system to consume a lot of memory resources...

RSA Authentication Client: disclosure of secret keys
When the RSA Authentication Client stores a secret key in an RSA SecurID 800 Authenticator, an attacker can read it...

Linux kernel: memory reading via ipc
A local attacker can use an IPC, in order to read bytes stored in the kernel memory...

MIT krb5: memory corruption via merge_authdata
An attacker can send a TGS ticket request to the MIT krb5 KDC, in order to stop it, and possibly to alter its data or to execute code...

TYPO3: several vulnerabilities
Several vulnerabilities of TYPO3 can be used by an attacker to obtain information, to elevate his privileges, or to create a denial of service...

PostgreSQL: privilege elevation via PL
A local attacker can redefine a function of a procedural language, and use a role changing mechanism, in order to elevate his privileges on PostgreSQL...

Adobe Reader, Acrobat: code executions
An attacker can create a malicious PDF document, in order to execute code on the computer of victims opening this document...

FreeType: integer overflow in FT_Stream_Seek
An attacker can invite the victim to display a malicious character font, with an application linked to FreeType, in order to create a denial of service and possibly to execute code...

Dovecot: incorrect processing of ACLs
In some cases, ACLs defined by the administrator are not honored by Dovecot...

Trend Micro Internet Security: code execution via extSetOwner
An attacker can invite the victim to browse a web page containing the UfPBCtrl.dll ActiveX of Trend Micro Internet Security, in order to execute code on his computer...

MySQL: several denials of service
A local attacker can use several malicious queries, in order to stop MySQL...