The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
pam_ssh: execution of ssh-agent with the root group
The pam_ssh module calls the ssh-agent program with privileges of the root group...
OpenOffice: code execution via npsoplugin.dll
An attacker can invite the victim to browse a malicious web site, with the OpenOffice plugin, in order to execute code on his computer...
Gimp: buffer overflow via PSP
An attacker can invite the victim to open a malicious PSP image with Gimp, in order to generate an overflow, leading to code execution...
Gimp: integer overflow via PCX
An attacker can invite the victim to open a malicious PCX image with Gimp, in order to generate an integer overflow, leading to code execution...
Linux kernel: denial of service via ksm_do_scan
A local attacker can use the KSM feature, in order to stop the kernel...
Linux kernel: denial of service via key_replace_session_keyring
A local attacker can use the keyctl() system call, in order to create a denial of service...
Linux kernel: buffer overflow via ldm_frag_add
An attacker can mount a device with a malicious Windows Logical Disk Manager partition, in order to corrupt the kernel memory, which leads to a denial of service or to code execution...
libgnomesu: privilege elevation
A local attacker can use /usr/lib/libgnomesu/gnomesu-pam-backend, in order to elevate his privileges...
VLC: integer overflow via XSPF
An attacker can invite the victim to open a malicious XSPF file with VLC, in order to execute code on his computer...
Adobe Flash: Cross Site Scripting
An attacker can invite the victim to visit a site which uses Adobe Flash Player, in order to execute JavaScript code on another site...
WebSphere MQ: allowance of revoked certificates
The WebSphere MQ product does not reject revoked SSL certificates, so an attacker can continue to access the service...
VMware Infrastructure: memory corruption of VI Client
An attacker can instantiate the VI Client ActiveX provided by VMware Infrastructure 3, in order to execute code in Internet Explorer...
VMware: three vulnerabilities of mount.vmhgfs
Three vulnerabilities of VMware products can be used by an attacker in order to obtain information or to elevate his privileges...
Wireshark: six vulnerabilities
Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code...
Symantec Mail Security: buffer overflow of Autonomy Verity Keyview PRZ
An attacker can send a malicious PRZ file, in order to generate an overflow in the Autonomy Verity Keyview PRZ Reader Filter component of Symantec Mail Security, and then to execute code...
Asterisk: denial of service via SIP URI
An attacker can use an invalid URI during a SIP conversation, in order to stop Asterisk...
GNOME Display Manager: execution of a web browser
An unauthenticated attacker can start a web browser with privileges of the "gdm" user...
Nagios: Cross Site Scripting of config.cgi
An attacker can use the config.cgi program of Nagios, in order to generate a Cross Site Scripting...
Cisco Unified IP Phones 7900: three vulnerabilities
An attacker can use three vulnerabilities of Cisco Unified IP Phones 7900 Series, in order to execute code...
Subversion: three vulnerabilities of mod_dav_svn
An attacker can use three vulnerabilities of Subversion, in order to create a denial of service or to obtain the content of hidden files...
Firefox: permanent storage of certificates
Firefox stores untrusted certificates permanently even if the user does not want it...
Tivoli Management Framework: buffer overflow via http
An attacker can send an HTTP request with malicious parameters, leading to a denial of service or to code execution...
libxml2: memory corruption via XPath
An attacker can use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code...
Xen: denial of service via get_free_port
An attacker can use a malicious "event channels" connection, in order to create a denial of service or to execute code...
FortiClient: file corrupted via lock
A local attacker can create a symbolic link on a file, in order to force FortiClient to overwrite a file with root privileges...
Linux kernel: denial of service via socket backlog
A local attacker can send numerous packets to a socket listening on the loopback, in order to stop the system...
fetchmail: denial of service via STARTTLS
An attacker can invite the victim to connect with fetchmail to a TLS site, in order to create a denial of service...
Asterisk: user detection via REGISTER
An attacker can use the REGISTER method, in order to detect if a username is valid...
ISC BIND: denial of service via RRSIG
An attacker on the intranet can send a DNS query to a recursive ISC BIND server for a nonexistent domain located on the internet, which will return an RRSIG response that is too big, in order to stop ISC BIND...

   
