The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
SeaMonkey: several vulnerabilities
Several vulnerabilities of SeaMonkey can be used by an attacker to execute code on victim's computer...
Thunderbird 3: several vulnerabilities
Several vulnerabilities of Thunderbird can be used by an attacker to execute code on victim's computer...
Thunderbird 5: several vulnerabilities
Several vulnerabilities of Thunderbird can be used by an attacker to execute code on victim's computer...
Firefox 3: several vulnerabilities
Several vulnerabilities of Firefox can be used by an attacker to execute code on victim's computer...
Firefox 4, 5: several vulnerabilities
Several vulnerabilities of Firefox can be used by an attacker to execute code on victim's computer...
Linux kernel: denial of service via PERF_COUNT_SW_CPU_CLOCK
A local attacker can use the performance measurement interface, in order to stop the system...
Apache Commons Daemon: privilege elevation via jsvc
When Apache Commons Daemon is installed on Linux and compiled with libcap, capabilities are not lost, so an application can access to files with root privileges...
Apache Tomcat: reading XML file
A malicious web application can change the XML parser, and thus access to the web.xml/context.xml file of another application...
Firefox, IE, Opera: altering HTTPS Cookies
An attacker can set up a Man in the Middle, in order to alter a cookie, even if it was set in an HTTPS session with the "secure" attribute...
QtNX: reading SSH key
A local attacker can read SSH session keys used by QtNX...
CUPS, GIMP: memory corruption via GIF LZW
An attacker can create a malicious GIF image, in order to execute code when it is uncompressed...
libXfont: memory corruption via LZW
An attacker can create a malicious character font compressed with LZW, in order to execute code in applications linked to libXfont which open this compressed file...
Symantec Endpoint Protection Manager: two vulnerabilities of the web console
An attacker can create a Cross Site Scripting and a Cross Site Request Forgery in the web console of Symantec Endpoint Protection Manager...
SAP: several vulnerabilities
Several vulnerabilities were announced in SAP products...
ISC DHCP: denials of service
An attacker can send two malicious packets to an ISC DHCP server, in order to stop it...
ecryptfs-utils: seven vulnerabilities
A local attacker can use eCryptfs, in order to read files, to alter them, or to create a denial of service...
FFmpeg: code execution via Matroska and CAVS
An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg libavcodec/libavformat, in order to execute code on his computer...
HP webOS: JavaScript injection via Calendar
An attacker can invite the victim to use the Calendar application of HP webOS, in order to execute JavaScript code...
Windows 2003, 2008: denial of service of DNS
An attacker can send a special query to the DNS service of Windows, related to a domain that does not exist, in order to stop it...
Adobe Flash Player: several vulnerabilities
Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
Adobe Shockwave Player: several vulnerabilities
Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
IE: vulnerabilities of several ActiveX
Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code...
Microsoft .NET: access to a network socket
An attacker can invite the victim to visit a malicious XBAP site, or to accept a malicious ASP.NET application, in order to access to a network socket of the computer...
Windows: denial of service via Metadata
An attacker can invite the victim to browse a network share containing a malicious file, in order to stop his system...
Microsoft Visual Studio 2005: Cross Site Scripting of Report Viewer
When a web site uses the Report Viewer control, an attacker can create a Cross Site Scripting, in order to execute JavaScript code in the web browser of site visitors...
Microsoft .NET, ASP.NET: file reading via Chart
When a web site uses a Chart control, an attacker can use a special url, in order to read files from the site...
Windows XP, 2003: denial of service via RDP
An attacker can send a sequence of malicious packets to a Remote Desktop Protocol service, in order to reload the system...
Windows: denial of service via ICMP or Url QoS
A remote attacker can create two denials of service in the Windows TCP/IP stack...
Windows: privilege elevation via CSRSS
A local attacker can send a message to the CSRSS subsystem, in order to execute code with kernel privileges...
Windows XP, 2003: privilege elevation via NDISTAPI.sys
A local attacker can send malicious data to the NDISTAPI.sys driver, in order to execute code with system privileges...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 311 312 313 314 315 316 317 318 319 321 323 324 325 326 327 328 329 330 331 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1047