The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Opera: five vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to deceive the victim, to obtain information, or to execute actions...
ESRI ArcGIS: macro execution via MXD
An attacker can invite the victim to open a malicious MXD file with ArcGIS, in order to execute a Visual Basic macro on his computer...
VMware: denial of service via Remote Device
An attacker can alter data sent by a Remote Device, in order to create a denial of service in VMware products...
VMware: memory corruption via Checkpoint
An attacker, who is allowed to load a Checkpoint file, can corrupt the memory of VMware products, in order to execute code on the host system...
SPIP: two Cross Site Scripting
An attacker can generate two Cross Site Scripting in SPIP, in order to execute JavaScript code in the context of the web browser of visitors...
Windows, IE, Office: code execution via Microsoft XML Core Services
An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code...
Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
Windows: privilege elevation via BIOS
A local attacker can use two vulnerabilities of the kernel, in order to execute code with system privileges...
Windows: privilege elevation via win32k.sys
A local attacker can use five vulnerabilities of the kernel driver, in order to execute code with system privileges...
Microsoft Lync, Communicator: code execution
An attacker can use four vulnerabilities of Microsoft Lync, in order to execute code...
Microsoft .NET: code execution via a function pointer
An attacker can invite the victim to display a malicious web site or to install a malicious ASP.NET application, in order to execute code on his computer...
Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...
Windows: code execution via RDP
When RDP is enabled on the system, a remote attacker can send malicious RDP packets, in order to corrupt the memory, which leads to code execution...
Citrix XenServer: connection to the console
In some cases, connections to virtual machine consoles, done through XAPI or XenCenter, are established to another virtual machine...
Xen, Citrix XenServer: denial of service via AMD
An attacker in a guest ParaVirtualized 64 bit system can use a vulnerability of some AMD processors, in order to stop the host system...
Xen, Citrix XenServer: denial of service via GPF
An attacker in a ParaVirtualized guest system can use the SYSENTER/SYSCALL instruction, in order to force the host to send a General Protection Fault to the guest...
Xen, Citrix XenServer, BSD, Windows: privilege elevation in PV 64 bit Intel
An administrator in a guest ParaVirtualized 64 bit system can use the SYSRET instruction with an invalid RIP, in order to execute code on the host system with a 64 bit Intel processor...
SAP Portal: file reading
An attacker can use "com.sap.portal.support.browse.default", in order to read a file of SAP Portal...
libguestfs: permission change via virt-edit
When the administrator uses virt-edit, permissions of the edited file are changed to 0644...
libvirt: attachment of invalid USB device
In some cases, the libvirt library attaches an USB device to another guest system, so an attacker can read or change its data...
Microsoft IIS: access bypass via INDEX_ALLOCATION
An attacker can use the NTFS $INDEX_ALLOCATION attribute, in order to bypass access rules of directories protected by Microsoft IIS...
Check Point Endpoint Connect: command execution via DLL Preload
An attacker can create a malicious DLL and invite the victim to open Check Point Endpoint Connect in the same directory, in order to execute code...
IBM Eclipse Help System: Cross Site Scripting via iehs.war
An attacker can use iehs.war to generate a Cross Site Scripting in several IBM products, in order to execute JavaScript code in the context of the victim's web browser...
Squid: obtaining users' passwords
An attacker can create a malicious web site, and invite a Squid user to connect to this site, in order to obtain his basic authentication data...
Adobe Flash Player: multiple vulnerabilities
Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code...
NSS: denial of service via DER
An attacker can send ASN.1 items encoded as DER with a zero length, in order to stop applications linked to the NSS library...
F5 BIG-IP: root access via SSH
A remote attacker can connect to the SSH service of F5 BIG-IP, and open a session as root...
nginx: reading file or directory
When nginx is installed on Windows, an attacker can use a special query, in order to read the content of a file or a directory...
OpenLDAP: TLSCipherSuite ignored with NSS
When OpenLDAP uses NSS to manage SSL sessions, the TLSCipherSuite configuration directive is ignored, so an attacker can attack a weak encryption algorithm...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 337 338 339 340 341 342 343 344 345 347 349 350 351 352 353 354 355 356 357 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1022