The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Linux kernel: buffer overflow via hfs_mac2asc
A local attacker, who is allowed to mount an HFS filesystem, can generate an overflow, in order to create a denial of service or to execute privileged code...
Linux kernel: denial of service via pktgen
A privileged local attacker can use pktgen on a bridge over a VLAN, in order to stop the kernel...
VMware vCenter Update Manager: file reading via Jetty
An attacker can traverse the public directory of Jetty Web Server, in order to access files from VMware vCenter Update Manager...
SPIP: three vulnerabilities
An attacker can use three vulnerabilities of SPIP, in order to elevate his privileges, to obtain information, or to create a Cross Site Scripting...
CA Directory: denial of service via SNMP
An attacker can send a malicious SNMP packet to CA Directory, in order to stop it, or to create a denial of service on products depending on it...
WebSphere MQ: executing control commands
When WebSphere MQ is installed on OpenVMS, an attacker can be allowed to execute two control commands...
HP-UX: privilege elevation via SAM
A local attacker can use a vulnerability of HP-UX System Administration Manager, in order to elevate his privileges...
BIND 9: denial of service via recursion
An attacker can use a malicious query on a recursive BIND DNS server, with an invalid value in its cache, in order to stop it...
Apache httpd: access to another server via mod_proxy
An attacker can use a malicious HTTP query, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server...
FreeType: integer overflow via CID-keyed
An attacker can invite the victim to open a malicious PostScript font with an application linked to FreeType, in order to create an integer overflow, leading to code execution...
Windows: bypassing AppLocker
A local attacker can use two Windows methods, in order to bypass AppLocker rules...
FreeBSD, NetBSD, OpenBSD: weakness of DES crypt
Passwords hashed by the crypt() function, with the DES algorithm, and using a non-alphanumeric salt, use a partially predictable salt, so an attacker can optimize a brute force attack...
Joomla: two vulnerabilities
An attacker can use two Joomla vulnerabilities, in order to change a password or to create a Cross Site Scripting...
Dotclear: access to spam comment feed
An attacker can access the RSS feed of spam comments in Dotclear...
Linux kernel: denial of service via NFSv4 ACL
A malicious NFS server can stop Linux clients which mount an NFSv4 partition with ACL...
Linux kernel: denial of service via JBD/JBD2
A local attacker, who is allowed to mount a malicious ext3/ext4 partition, can create an assertion error in JBD/JBD2, in order to stop the kernel...
Adobe Flash Player: several vulnerabilities
Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
AIX: denial of service via WPAR
A local attacker can use WPAR system calls, in order to stop AIX...
HP NNMi: two Cross Site Scripting
An attacker can create two Cross Site Scripting in HP Network Node Manager i...
ProFTPD: file deletion via RNFR
When an FTP site uses the Limit WRITE directive of ProFTPD to forbid file alteration, an attacker can still remove them...
ProFTPD: memory corruption via pr_cmd_dispatch_phase
An anonymous attacker can create an error in the pr_cmd_dispatch_phase() function, in order to corrupt the memory, which leads to code execution...
SSL: revocation of DigiCert Malaysia
The DigiCert Malaysia intermediary certificate authority was revoked...
Citrix Presentation Server Client: several vulnerabilities
Several vulnerabilities were announced in Citrix Presentation Server...
eEye Retina: code execution via Audit ID 2499
An attacker can create a malicious file in /usr/local, in order to execute code when eEye Retina uses the script Audit ID 2499...
OpenPAM: privilege elevation via KCheckPass
A local attacker can use KCheckPass to transmit special information to OpenPAM, in order to gain root privileges...
GnuTLS: denial of service of the client via gnutls_session_get_data
When a TLS client is linked to GnuTLS, and uses the gnutls_session_get_data() function with a short buffer, a malicious server can stop the client, and can possibly execute code...
Apache Tomcat: privilege elevation via Manager
A malicious web application hosted on Apache Tomcat can access the Manager application, in order to obtain information on installed applications, or to deploy new web applications...
Thunderbird 5, 6, 7: several vulnerabilities
Several vulnerabilities of Thunderbird can be used by an attacker to execute code on victim's computer...

   
