The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Firefox, Opera: detection of visited sites
An attacker can measure the loading duration of a page, in order to detect if the victim visited a web site...
MIT krb5: denial of service via process_tgs_req
An authenticated attacker can send a malformed Kerberos message to the KDC of MIT krb5, in order to stop it...
Adobe Acrobat, Reader: code execution via U3D
An attacker can create a malicious PDF document, and invite the victim to open it, in order to execute code on his computer...
Opera: five vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to exploit several vulnerabilities...
PHP: denial of service via exif_process_IFD_TAG
An attacker can provide a malicious JPEG image to a PHP application, in order to stop it...
Squid: denial of service via FTP
A malicious FTP server can interrupt a session, in order to stop Squid...
SAP: several vulnerabilities
Several vulnerabilities were announced in SAP products...
vsftpd: buffer overflow via TimeZone
An attacker can use a glibc vulnerability, in order to create a buffer overflow inside a chroot jail of vsftpd...
glibc: buffer overflow via __tzfile_read
A local attacker can create a malicious TimeZone file, in order to generate a buffer overflow in glibc, leading to a denial of service or to code execution...
Perl PAR: code execution
A local attacker can alter files of a Perl archive, in order to execute code...
phpMyAdmin: three Cross Site Scripting
An attacker can use three Cross Site Scripting vulnerabilities of phpMyAdmin, in order to execute JavaScript code in the context of the web site...
JBoss AS: two vulnerabilities of the Console
An attacker can create a Cross Site Scripting and a Cross Site Request Forgery in the administration Console of JBoss AS...
Avast: vulnerabilities
Several vulnerabilities or security problems impact the Avast antivirus...
OpenSSL: obtain the ECC secret key via BN_nist_mod_384
An attacker can use an error in the BN_nist_mod_384() function, in order to progressively guess the secret key of a TLS server using elliptic curves...
FreeBSD: code execution via ftpd or ProFTPD
When the directory of the ftp user allows FTP clients to create files, an attacker can upload a library, in order to execute code...
Perl Proc-ProcessTable: file corruption
A local attacker can create a symbolic link when a Perl program using the Proc::ProcessTable module is used, in order to alter a file...
FFmpeg: memory corruption via VMD
An attacker can create a malicious VMD document, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer...
GNU gdb: code execution via .debug_gdb_scripts
When the victim debugs a program coming from an untrusted source with GNU gdb, this program can contain a ".debug_gdb_scripts" section indicating scripts to execute...
Technicolor SpeedTouch: internal port scanning via UPnP
An internet attacker can use the UPnP feature of the Technicolor SpeedTouch modem, in order to alter its configuration...
Horde: access to private tasks via Kronolith
An attacker can use the Horde Kronolith interface, in order to access private tasks of users...
Apache httpd: access to another server via mod_proxy
An attacker can use a malicious HTTP query, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server...
Linux kernel: denial of service via kvm_vm_ioctl_assign_device
A local attacker can use the KVM_ASSIGN_PCI_DEVICE ioctl, in order to stop the host system...
NetWare: buffer overflow of XNFS.NLM via RENAME, STAT or NLM_TEST
A remote attacker can send an NFS packet with a large string, in order to create an overflow in NetWare XNFS.NLM, which leads to a denial of service or to code execution...
Linux kernel: denial of service via mknod on NFSv4
A local attacker can use the mknod() system call on an NFSv4 share, in order to stop the kernel...
Windows: denial of service via Keyboard Layout
A local attacker can load a malformed Keyboard Layout, in order to stop Windows...
Linux kernel: denial of service via VLAN Priority
A network attacker can send a VLAN packet with a priority, in order to generate an error in netif_receive_skb(), which stops the kernel...
HP Operations Agent, Performance Agent: access to a directory
A local attacker can use a vulnerability of HP Operations Agent and Performance Agent on Unix, in order to access a directory...
FFmpeg: several vulnerabilities
An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer...
Linux kernel: denial of service via user_update
A local attacker can update a cryptographic key, in order to stop the system...
Linux kernel: denial of service via UDP Fragmentation Offload
When the UDP Fragmentation Offload feature is enabled on a bridge, an attacker can send IPv6/UDP packets in order to stop the system...

   
