The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Apache Tomcat: denial of service via Accept-Language
An attacker can use a malicious HTTP Accept-Language header, in order to create an infinite loop in Apache Tomcat...
Apache Tomcat: file creation via tempdir
An attacker, who is allowed to upload a malicious application on Apache Tomcat, can create files outside the temporary directory...
Wireshark: memory corruption via pcap-ng
An attacker can invite the victim to open a malicious pcap-ng file with Wireshark, in order to free uninitialized memory, which leads to a denial of service and possibly to code execution...
OpenSSH: information disclosure via Legacy Certificates
When the administrator generated Legacy Certificates with OpenSSH 5.6/5.7, the Nonce field contains 32 bytes from the memory of the ssh-keygen process...
BMC Performance: code execution via BGS_MULTIPLE_READS
An attacker can send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges...
glibc: privilege elevation via PATH and ORIGIN
A local attacker can use the PATH/RPATH variable and $ORIGIN, in order to obtain privileges of suid/sgid programs...
OpenJDK, IcedTea6: bypassing JNLP signature
An attacker can create a Java JNLP application which is not fully signed, and which is not blocked by the OpenJDK compiled with IcedTea6...
Aruba Mobility Controller: two vulnerabilities
An attacker can use two vulnerabilities of Aruba Mobility Controller, in order to create a denial of service or to bypass the authentication...
Java JRE: denial of service via a real
An attacker can use a special double floating point number, in order to create an infinite loop in Java programs...
PostgreSQL: buffer overflow of intarray
When the intarray module is installed on PostgreSQL, an authenticated attacker can create an overflow, in order to execute code...
HP OpenView Performance Insight Server: code execution
A remote attacker can use a hidden account of HP OpenView Performance Insight Server, in order to execute code...
VLC: memory corruption via MKV
An attacker can invite the victim to open a malicious MKV file with VLC, in order to execute code on his computer...
IBM DB2 9.1: four vulnerabilities
An attacker can use four vulnerabilities of IBM DB2, in order to execute code or privileged features...
IE: script injection via MHTML
An attacker can invite the victim to view a malicious HTML page containing an mhtml URI that injects JavaScript into the reply of a web site, in order, for example, to obtain information...
Dotclear: SQL injection of Clearbricks
An attacker can inject data in a SQL query, via the Clearbricks dbLayer class of Dotclear...
RealPlayer: buffer overflow of vidplin.dll
An attacker can invite the victim to display a malicious AVI video with RealPlayer, in order to execute code on his computer...
AIX, EMC NetWorker: access to RPC
A network attacker can spoof UDP packets, in order to alter RPC services of AIX or EMC NetWorker, or to obtain information...
Opera: four vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to execute code on his computer or to read information...
ISC DHCP: denial of service via DHCPv6 Decline
An attacker can send a DHCPv6 Decline packet, followed by a normal packet, in order to stop ISC DHCP...
libuser: default password
When an LDAP user is created through libuser without indicating a password, a known default password is set...
Symantec AntiVirus: vulnerabilities of Intel Alert
Several vulnerabilities of Intel Alert Management System can be used by a remote attacker, in order to create a denial of service or to execute code...
OpenOffice.org: several vulnerabilities
An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on his computer...
Cisco Content Services Gateway: two vulnerabilities
An attacker can use two vulnerabilities of Cisco Content Services Gateway, in order to bypass the security policy, or to create a denial of service...
Panda Internet Security: two vulnerabilities
A local attacker can use two IOCTL on Panda Internet Security drivers, in order to create a denial of service or to execute code...
TYPO3: Cross Site Scripting of Media/dam
An authenticated TYPO3 editor can generate a Cross Site Scripting in the Media/dam extension...
FFmpeg: three vulnerabilities
An attacker can generate several overflows in FFmpeg in order to create a denial of service or to execute code on the victim's computer...
VLC: buffer overflow via a subtitle
An attacker can invite the victim to open a malicious MKV file with VLC, in order to execute code on his computer...
Opera: integer overflow of SELECT OPTION
An attacker can create an HTML document containing a large combo, in order to generate an integer overflow, leading to a denial of service or to code execution...
OpenJDK, IcedTea6: property reading
An attacker can create a malicious Java JNLP application reading some properties, without being blocked by the OpenJDK compiled with IcedTea6...
Linux kernel: buffer overflow of USB IO-Warrior
When a USB Code Mercenaries IO-Warrior is installed, a local attacker can generate a buffer overflow, in order to create a denial of service or possibly to execute code...

   
