The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Apache httpd: diversion despite TLS Wildcard
When an Apache httpd server has a SSL/TLS Wildcard certificate, an attacker can redirect the victim to this server, in order for example to inject scripts in the context of another site...
PHP: memory corruption via substr_replace
An attacker can use the substr_replace() function in a malicious PHP code, in order to stop the interpreter, and possibly to execute code...
Nagios: Cross Site Scripting via statusmap
An attacker can create a Cross Site Scripting in the statusmap.cgi program of Nagios, in order to execute JavaScript code in the context of the connected administrator...
Linux kernel: denial of service via InfiniBand cm_work_handler
A local attacker can create two threads writing to an InfiniBand device, in order to stop the system...
nss-pam-ldapd: user access
The version 0.8.0 of nss-pam-ldapd allows an attacker to authenticate under the account of a user which is not in the LDAP directory...
libvirt: denial of service via the API
A read-only attacker can use some functions of the libvirt library, in order to create denials of service...
Linux SCSI tgt: buffer overflow via iSCSI
A network attacker can send a long iSCSI query to the tgtd daemon of Linux SCSI tgt, in order to stop it or to execute code...
Microsoft .NET: privileges elevation via Runtime Optimization Service
A local attacker can replace the Microsoft .NET Runtime Optimization service, in order to obtain system privileges...
libxslt, browsers: memory address disclosure
An attacker can use the XSLT XPath generate-id() function, in order to obtain a memory address...
Linux kernel: memory corruption via RPC
A remote attacker can send a malicious RPC query, in order to stop the kernel, and possibly to execute code...
glibc locale: unfiltered output
The result of the glibc locale command is not filtered, so an attacker can inject data in a program using this result...
Microsoft Remote Desktop Client: code execution via DLL Preload
An attacker can invite the victim to open a RDP file from a network share containing a malicious DLL, in order to execute code in Microsoft Remote Desktop Connection Client...
Microsoft Groove: code execution via DLL Preload
An attacker can invite the victim to open a Groove file from a network share containing a malicious DLL, in order to execute code in Microsoft Groove...
Windows: code execution via Windows Media
An attacker can invite the victim to open a malicious multimedia document, in order to execute code on his computer...
Joomla: several vulnerabilities
Several vulnerabilities of Joomla can be used by a attacker in order to create a denial of service, to modify data or to obtain information...
SAP: several vulnerabilities
Several vulnerabilities were announced in SAP products...
RealVNC: reading logs
A local attacker can read log files created by RealVNC...
KDE: incorrect verification of SSL certificates
An attacker can poison a DNS server and use a certificate for an IP address, in order to deceive the victim...
PHP: memory reading via shmop_read
An attacker can create a PHP script using the shmop_read() function, in order to read the memory or to stop the application...
Linux kernel: denial of service via DCCP
A local attacker can send data to a socket after its closure, in order to stop the kernel...
NetBSD: denial of service via kern.proc
A local attacker can query the process table, in order to stop the NetBSD system...
Exim, Postfix, Qmail-TLS: command injection with STARTTLS
Even when the SMTP client checks the TLS certificate of the messaging server, an attacker can inject commands in the session...
VMware ESX, ESXi: denial of service of SLP
An attacker can send a malicious SLP query to the VMware ESX/ESXi SLPD daemon, in order to overload the processor...
Linux kernel: denial of service via NFSv4 Set ACL
A local attacker can use a NFSv4 Set ACL operation with more than one memory page of data, in order to stop the system...
logrotate: file access
When logrotate is run in a directory which is writable by a local attacker, he can read or alter files...
Linux kernel: denial of service via keyctl dns_resolver
A local attacker can use an error key of type dns_resolver, in order to stop the kernel...
Linux kernel: denial of service via RDS_FLAG_CONG_BITMAP
A local attacker can use a RDS message with RDS_FLAG_CONG_BITMAP, in order to stop the kernel...
Subversion: denial of service of mod_dav_svn
An unauthenticated attacker can send a LOCK query to the HTTP Subversion service, in order to stop it...
Tomcat: ignored ServletSecurity annotation
An attacker can access to HTTP methods which should be blocked by ServletSecurity annotations...
Openfire: denial of service via a character
An attacker can send a special character to Openfire, in order to stop the victim's session...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 295 296 297 298 299 300 301 302 303 305 307 308 309 310 311 312 313 314 315 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1022