The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Windows: code execution via MSCOMCTL.OCX
An attacker can invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on his computer...
Microsoft Forefront Unified Access Gateway: two vulnerabilities
An attacker can use two vulnerabilities of Microsoft Forefront Unified Access Gateway, in order to obtain information...
Microsoft .NET: code execution
An attacker can invite the victim to display a malicious web site or to install a malicious ASP.NET application, in order to execute code on his computer...
Windows: bypassing WinVerifyTrust
An attacker can alter a program signed by a trust authority, in order to inject malicious code, without changing the signature...
Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...
SAP: several vulnerabilities of April 2012
Several vulnerabilities were announced in SAP products...
Linux kernel: denials of service via ext4_fill_flex_info
An attacker can create a malicious ext4 filesystem and then mount it, in order to stop the kernel...
ImageMagick: four vulnerabilities
An attacker can invite the victim to open a malicious image with ImageMagick, in order to stop the application or possibly to execute code...
libtiff: integer overflow via tile/strip
An attacker can invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff...
HP Business Availability Center: Cross Site Scripting
An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site...
Joomla 2.5: two vulnerabilities
An attacker can use two vulnerabilities of Joomla, in order to obtain information or to generate a Cross Site Scripting...
HP-UX: code execution via DCE
A network attacker can send a malicious query to a DCE service, in order to stop it or to execute code...
ArcGIS: code execution via TeeChart Professional
An attacker can create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer...
LibreOffice, OpenOffice: integer overflow via JPEG
An attacker can invite the victim to open a document containing a malicious JPEG image with LibreOffice/OpenOffice, in order to execute code on his computer...
libpng: memory corruption via png_set_text_2
An attacker can invite the victim to open a malicious PNG image with an application linked to libpng, in order to corrupt the memory, leading to code execution...
Tivoli Directory Server: Cross Site Scripting via Web Admin Tool
An attacker can generate a Cross Site Scripting in the Web Admin Tool of Tivoli Directory Server...
Linux kernel: denial of service via kvm_apic_accept_pic_intr
A local attacker can invert the creation of KVM devices, in order to force the kernel to dereference a NULL pointer, which stops it...
VMware ESX, ESXi: privilege elevation via Virtual DOS Machine
On a Windows guest system, a local attacker can alter the memory of the Virtual DOS Machine, in order to elevate his privileges...
phpMyAdmin: path disclosure via show_config_errors.php
An attacker can call the show_config_errors.php script of phpMyAdmin, in order to generate an error displaying the installation access path...
Cisco IOS: memory free of Zone-Based Firewall
An attacker can use four memory leaks of the Zone-Based Firewall feature, in order to create a denial of service...
Cisco IOS: denial of service via Reverse SSH
A remote unauthenticated attacker can use the Reverse SSH feature, in order to restart Cisco IOS...
Cisco IOS: denial of service via Smart Install
A remote attacker can send a malformed Smart Install message, in order to restart Cisco IOS...
Cisco IOS: denial of service via RSVP
In a special configuration of Cisco IOS, an attacker can send RSVP packets, in order to fill the reception queue of the interface...
Cisco IOS: command execution via HTTP
An attacker, who is authenticated on the HTTP/HTTPS server of Cisco IOS, can execute commands with no authorization...
Cisco IOS: denial of service via SIP NAT
An attacker can send SIP packets which are translated by Cisco IOS, in order to generate a memory leak, leading to a denial of service...
Cisco IOS: denial of service via MSDP
An attacker can send a malicious MSDP packet to the Cisco IOS router, in order to reload it...
Cisco IOS: denial of service via WAAS or MACE
When WAAS Express or MACE is enabled on Cisco IOS, an attacker can reload the system...
Cisco IOS: denial of service via IKE
An attacker can send a malicious IKE packet to Cisco IOS, in order to reload the system...
Adobe Flash Player: four vulnerabilities
Four vulnerabilities of Adobe Flash Player can be used by an attacker to execute code...
Joomla 1.5: two vulnerabilities
An attacker can use two vulnerabilities of Joomla, in order to obtain information or to change a user's password...

   
