The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to execute code, to generate a Cross Site Scripting or to inject SQL code...
Squid: buffer overflow of gopherToHTML
An attacker can return a malicious Gopher reply, in order to create a buffer overflow in the gopherToHTML() function...
HP SiteScope: two vulnerabilities
An attacker can use two vulnerabilities of HP SiteScope, in order to read a file or to create a user...
Squid: truncation of DES password
Passwords longer than eight characters hashed by the DES algorithm are truncated, without warning the user...
Evolution: send file via mailto and attach
An attacker can invite the victim to click on a special mailto link, and then to send the mail with Evolution, in order to automatically include a file as an attachment of the mail...
HP-UX: code execution via VEA
A remote attacker can create a denial of service or execute code in Veritas Enterprise Administrator...
TYPO3: vulnerabilities of extensions
An attacker can use two vulnerabilities of TYPO3 extensions in order to inject SQL code...
phpMyAdmin: Cross Site Scripting of tbl_tracking.php
An attacker can create a Cross Site Scripting in the table tracking feature of phpMyAdmin, in order to execute JavaScript code in the victim's web browser...
WebSphere AS: file reading via the administration console
An attacker can use the help servlet of the administration console of WebSphere Application Server, in order to read a file...
Cisco Unified Communications Manager: five denial of service
A remote attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to create a denial of service...
Cisco Unified Communications Manager: reading the database
A remote attacker can connect to the web service of Cisco Unified Communications Manager, in order to read the content of its database...
F-Secure Anti-Virus: code execution via fsresh.dll
An attacker can invite the victim to display a malicious HTML document calling the F-Secure Gadget Resource Handler ActiveX, in order to execute code on his computer...
Linux kernel: memory corruption of CIFSFindNext
An attacker owning a malicious CIFS/SMB server can send a special reply to the CIFS client of the Linux kernel, in order to corrupt its memory...
Cisco IOS: denial of service via DLSw
An attacker can send a sequence of malformed DLSw packets, in order to stop Cisco IOS...
Cisco IOS 12.2(58)SE, Cisco IE 3000 Switch: denial of service via banner and SSH2
When the version 12.2(58)SE of Cisco IOS is installed on a Cisco IE 3000 Switch, an attacker can use two SSH2 session, in order to reload it...
Apache httpd: denial of service via Range or Request-Range
An attacker can use several parallel queries using Range or Request-Range, in order to progressively use the available memory...
ecryptfs-utils: file corruption via mount.ecryptfs_private
When mount.ecryptfs_private is used, a local attacker can alter the /etc/mtab file...
PHP: generation of weak hash with crypt
The crypt() function of PHP version 5.3.7 generates a MD5 hash containing only the salt, so an attacker can access to a service using this hash without knowing the password...
Linux kernel: prediction of IPv4 fragments and TCP sequences
An attacker could predict identifiers used in IPv4 fragments, and TCP sequence numbers, in order to create a denial of service or to inject data...
CUPS: infinite loop via GIF
An attacker can print a malicious GIF image with CUPS, in order to create an infinite loop...
stunnel: memory corruption
A remote attacker can create a memory corruption in stunnel, in order to create a denial of service and possibly to execute code...
libqt4: two overflows
An attacker can generate two overflows in libqt4, in order to create a denial of service, or to execute code...
Perl: overflow of one byte of Encode
An attacker can use data larger than 8Mb, in order to generate an overflow of one byte in the Perl Encode module, which possibly leads to a denial of service or to code execution...
Linux kernel: denial of service via Be File System
A local attacker who is allowed to mounts a BeFS file system can stop the kernel...
crypt_blowfish: hash collision
When the user has a password containing 8 bit characters, the Blowfish hashing algorithm of crypt() generates an invalid hash, which is potentially faster to find with a brute force...
PHP: several vulnerabilities
An attacker can generate several vulnerabilities in PHP, in order to create a denial of service, and possibly to execute code...
Linux kernel: privilege elevation via perf
A local attacker can invite the administrator to execute the perf command provided with the Linux kernel, in a directory where he stored a malicious configuration file, in order to elevate his privileges...
OTRS: file reading via AdminPackageManager
An OTRS administrator, with no shell access to the system, can use the AdminPackageManager module, in order to read a file...
Windows 7: denial of service of RPC via DHCPv6
An attacker can send a malformed DHCPv6 reply, in order to stop the RPC service of Windows 7...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 312 313 314 315 316 317 318 319 320 322 324 325 326 327 328 329 330 331 332 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1020