The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Windows Server 2008 R2: Cross Site Scripting of Remote Desktop Web Access
An attacker can create a Cross Site Scripting in the login page of Remote Desktop Web Access, in order to execute JavaScript code in the context of the victim's web browser...
Office Visio: code execution
An attacker can invite the victim to open a malicious document with Microsoft Office Visio, in order to execute code on his computer...
Microsoft DAC, Excel: code execution via DLL Preload
An attacker can use a malicious DLL in order to execute code in Data Access Components, when an Excel file is opened...
Windows 2008: code execution via DNS
A remote attacker can use a recursive query, in order to execute code in the DNS service of Windows...
Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...
HP OpenView Performance Insight: code execution
An attacker can use three vulnerabilities of the HP OpenView Performance Insight product, in order to execute code...
SAP J2EE Engine: privilege elevation
A remote attacker can send queries to the J2EE Engine of SAP NetWeaver, in order to add a user who is a member of the administrator group...
Windows XP: denial of service via SrvGetConsoleTitle
A local attacker can call the SrvGetConsoleTitle() function, in order to stop the CSRSS service, and possibly to read a portion of its memory...
coreutils su: command injection via TIOCSTI
When the administrator calls "su -c" to execute a malicious program, the latter can inject commands into the root session...
QuickTime: several vulnerabilities
Several QuickTime vulnerabilities can lead to code execution...
Linux kernel: replay packets WPA TKIP
An attacker can replay some packets using a Quality of Service on a WiFi network encrypted by WPA TKIP...
Linux kernel: memory reading via AF_PACKET
A local attacker can use an AF_PACKET socket, in order to read two bytes from the kernel memory...
ESRI ArcGIS Server: file reading via Image Extension
A remote attacker can use the Image Extension feature of ESRI ArcGIS Server with Mosaic Datasets, in order to read a file located on the server...
gdk-pixbuf: buffer overflow via gif_prepare_lzw
An attacker can create a malicious GIF image in order to create an overflow in applications linked to gdk-pixbuf...
foomatic-rip: file corruption via Debug
A local attacker can create a symbolic link during foomatic-rip Debug usage, in order to corrupt a file with privileges of the lp user...
HPLIP: file corruption via hpcupsfax
A local attacker can create a symbolic link during HPLIP usage, in order to corrupt a file with privileges of the lp user...
foomatic-rip: code execution via PPD
When the system is configured to use a foomatic-rip or foomatic-rip-hplip print filter, a local attacker (or remote attacker via CUPS) can print a document, in order to execute code with privileges of the lp user...
WebSphere AS: denial of service via SIP UTF-8
An attacker can send a malformed UTF-8 character during a SIP session, in order to block the SIP service of WebSphere Application Server...
Sybase ASE: two vulnerabilities of Open Server
A remote attacker can use two vulnerabilities of Open Server, in order to execute code in Sybase Adaptive Server Enterprise...
Linux kernel: denial of service via GRO frag0
When GRO is enabled, an attacker can send numerous packets, in order to stop the system...
Wireshark: infinite loop via IKE
An attacker can send a special IKE packet, in order to create an infinite loop in Wireshark...
HP SiteScope: two vulnerabilities
An attacker can use two vulnerabilities of HP SiteScope, in order to create a Cross Site Scripting, or to access a session...
HP Data Protector: denial of service via MMD
A remote attacker can create a denial of service in the Media Management Daemon of HP Data Protector...
TYPO3: several vulnerabilities
Several vulnerabilities of TYPO3 can be used by an attacker to obtain information, to elevate his privileges, or to create a denial of service...
Citrix XenApp, XenDesktop: code execution via XML Service
An attacker can send a malicious query to Citrix XML Service, in order to execute code...
KDE Ark: file deletion via ZIP
An attacker can invite the victim to open a malicious ZIP archive with KDE Ark, in order to display or to remove a file of the local system...
Samba: two vulnerabilities of SWAT
An attacker can use two vulnerabilities of Samba Web Administration Tool, in order to create a Cross Site Request Forgery and a Cross Site Scripting...
ClamAV: denial of service via cli_hm_scan
An attacker can send an email containing a malicious attachment, in order to generate an error in the cli_hm_scan() function, which stops ClamAV...

   
