The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Windows: rejecting RSA keys of less than 1024 bits
Microsoft offers a patch for Windows, in order to reject RSA keys of less than 1024 bits, which are seen as too weak...
Adobe Flash Player: memory corruption via Font
An attacker can invite the victim to display a web page with Adobe Flash Player, in order to corrupt the memory, which stops the web browser, or leads to code execution...
Adobe Shockwave Player: several vulnerabilities
Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
Adobe Reader, Acrobat: several vulnerabilities
Several Adobe Reader/Acrobat vulnerabilities can be used by an attacker to execute code or to create a denial of service...
Microsoft Visio: code execution via DXF
An attacker can invite the victim to open a malicious DXF document with Microsoft Visio 2010, in order to execute code on his computer...
Microsoft Office: code execution via CGM
An attacker can invite the victim to open a document containing a malicious CGM image with Microsoft Office, in order to create a denial of service or execute code on his computer...
Windows x64: integer overflow of JScript and VBScript
An attacker can invite the victim to open a page containing malicious JavaScript/VBScript code, generating an integer overflow on x64 processors, and leading to code execution...
Windows: privilege elevation via win32k.sys
A local attacker can use a vulnerability of the win32k.sys kernel driver, in order to execute code with system privileges...
Office, SQL Server, HIS, Visual Basic: code execution via MSCOMCTL.OCX
An attacker can invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on his computer...
Windows: vulnerabilities of network
An attacker can use several vulnerabilities of networking services of Windows, in order to create a denial of service or to execute code...
Windows XP: code execution via RDP
When RDP is enabled on the system, an unauthenticated remote attacker can send malicious RDP packets, in order to corrupt the memory, which leads to code execution...
Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...
SAP: vulnerability 1663732
An unknown vulnerability was announced in SAP products...
IBM WebSphere MQ: three vulnerabilities
An attacker can use three vulnerabilities of IBM WebSphere MQ, in order to create a denial of service...
IBM DB2: reading XML via GET_WRAP_CFG_C
An authenticated attacker can use the GET_WRAP_CFG_C and GET_WRAP_CFG_C2 functions of DB2, in order to access XML files...
fetchmail: denial of service via NTLM
An attacker can invite the victim to use fetchmail to connect to a server using an invalid NTLM authentication, in order to stop fetchmail...
KOffice: code execution via DOC
An attacker can invite the victim to open a malicious Word file with KOffice, in order to execute code with his privileges...
phpMyAdmin: five Cross Site Scripting
An attacker can use five Cross Site Scripting of phpMyAdmin, in order to execute JavaScript code in the context of the web site...
glibc: integer overflow of strtod
An attacker can send a large number to an application using functions of the strtod() family of the glibc, in order to generate an integer overflow, leading to a denial of service, and possibly to code execution...
Emacs: code execution via enable-local-variables
When the user configured "enable-local-variables" in mode ":safe", Emacs still executes the code of "eval" directives, without warning the user...
IBM WebSphere MQ File Transfer Edition: two vulnerabilities
Two vulnerabilities of IBM WebSphere MQ File Transfer Edition Web Gateway can be used by an attacker to access data, or to perform operations...
Xen: denial of service via HVM p2m
An attacker, who is located in a Xen HVM guest system, can arrange his memory space, in order to create a denial of service on the host system...
OTRS: Cross Site Scripting via an email
An attacker can send an email to OTRS, in order to generate a Cross Site Scripting in the Internet Explorer web browser of the victim who reads the message...
Symantec Web Gateway: SQL injection via deptUploads_data.php
An attacker can inject SQL code via spywall/includes/deptUploads_data.php, in order to read or to alter the contents of the Symantec Web Gateway database...
GNOME Keyring: non-expiration of gpg cache
Authentication data stored in the GNOME Keyring gpg cache do not expire after the idle time defined by the administrator...
Oracle Database: privilege elevation via DBMS_STATS and CTXSYS
A local attacker can use DBMS_STATS and CTXSYS, in order to gain the SYSDBA privilege on Oracle Database...
TYPO3: vulnerabilities of powermail
An attacker can use several vulnerabilities of the TYPO3 powermail extension, in order to create a Cross Site Scripting, to execute code, or to inject SQL code...
Cisco IOS: denial of service via SSL VPN
An authenticated attacker can refresh a page of the SSL VPN service, in order to reload the Cisco IOS...
Cisco ASA: memory leak via Clientless WebVPN
An authenticated attacker can use the Clientless WebVPN, to generate a memory leak in Cisco ASA, in order to progressively create a denial of service...
Cisco ASA: denial of service via SIP Inspect
When the SIP inspection is enabled, an attacker can force Cisco ASA to allocate numerous resources, in order to create a denial of service...