The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
phpMyAdmin: backdoor in server_sync.php
One server from SourceForge.net was distributing a phpMyAdmin archive with a backdoor...
libtiff: buffer overflow via PixarLog
An attacker can invite the victim to open a malicious TIFF image with an application linked to libtiff, in order to create a denial of service or to execute code...
Thomson SpeedTouch ST780: script injection in the administration page
An attacker can set up a DNS redirect, and then invite the victim to display the help page of Thomson SpeedTouch ST780, in order to execute JavaScript code in the context of the administration web service...
IBM Informix Dynamic Server: privilege elevation via COLLATION
A local attacker can use the SET COLLATION command of IBM Informix Dynamic Server, in order to generate a buffer overflow, and to execute code with privileges of the service...
RSA Authentication Agent, Client: user access
When RSA Authentication Agent 7.1 or RSA Authentication Client 3.5 is installed on Windows XP/2003, an attacker can access the system with only his Windows login/password...
WebSphere AS 6.1: five vulnerabilities
An attacker can use several vulnerabilities of WebSphere Application Server...
WebSphere AS 7.0: seven vulnerabilities
An attacker can use several vulnerabilities of WebSphere Application Server...
Webmin: Cross Site Scripting
An attacker can use several Cross Site Scripting vulnerabilities of Webmin, in order to execute JavaScript code in the context of the web site...
Cisco Unity Connection: denial of service via Administration Page
An attacker can repeatedly use the administration interface of Cisco Unity Connection, in order to use all connections to the database, and thus create a denial of service...
Cisco Unity Connection: denial of service via UDP
An attacker can send malformed UDP packets to Cisco Unity Connection, in order to overload the processor...
Cisco Catalyst 6500, IOS: IPSec data in clear text
The Cisco VPN Services Port Adaptor of Catalyst 6500 can send a portion of an encrypted packet in the following packet, in clear text...
Cisco Catalyst 6500, IOS: denial of service
An attacker can use three vulnerabilities of Cisco IOS, in order to stop the system...
Internet Explorer: multiple vulnerabilities
An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer...
Oracle Database: brute force on authentication
A network attacker can use a brute force attack on the authentication protocol version 11 of Oracle Database, in order to log in in five hours...
WebSphere MQ: denial of service on Solaris
When WebSphere MQ is installed on Solaris, an attacker can send a malicious message, which generates an exception in the Server Message Channel Agent, and stops the service...
Technicolor Thomson TWG850-4: bypassing authentication
An unauthenticated attacker can perform administration tasks on the Technicolor Thomson TWG850-4 modem...
Cisco Secure Desktop: code execution via ActiveX/Applet
When the Cisco Secure Desktop ActiveX (or the Java applet) is installed on the victim's computer, an attacker can invite him to display a malicious HTML page which loads this ActiveX and executes code on his computer...
Cisco IOS: denial of service of FlexVPN
An attacker can send malicious Spoke to Spoke traffic (or clear the IKE SA of a Spoke), in order to stop the Cisco IOS FlexVPN feature...
Cisco IOS: denial of service via MVPNv6 Update
An attacker can send a malicious MVPNv6 Update packet to Cisco IOS, in order to stop it...
Cisco IPS 4200: denial of service via Sequential Allocator
An attacker can send malicious traffic, in order to generate an error in "Sequential Allocator", which stops Cisco IPS...
Cisco IPS 4200: denial of service via updateTime
An attacker can send malicious traffic, in order to generate an error in "updateTime", which stops Cisco IPS...
Cisco IOS: denial of service via DMVPN
A remote attacker can use malicious traffic, in order to stop a DMVPN tunnel...
Cisco Application Control Engine: denial of service of Load Balancer
The Cisco ACE (Application Control Engine) module for Catalyst and Routers does not correctly process Load Balancer queues, which stops it...
Cisco IOS: denial of service via SSLVPN
When an SSLVPN session is established on a PPP or ATM interface, with an outbound ACL, an attacker can stop the Cisco IOS system...
Windows Phone 7: not checking the Common Name
The Windows Phone 7 messaging client does not check the Common Name field of the X.509 certificate sent by the server, so an attacker can perform a man-in-the-middle attack without being detected...
Windows, IE: code execution via IMG and execCommand
An attacker can invite the victim to display an HTML document containing an image and using the execCommand() method, in order to use a freed memory area, which leads to code execution...
SSL, TLS: obtaining HTTP Cookies via Deflate, CRIME
An attacker, who can control HTTPS connections of the victim's web browser, can use several SSL sessions compressed with Deflate in order to compute HTTP headers, such as cookies...
Trend Micro InterScan Messaging Security Suite: two vulnerabilities
An attacker can generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user...
Joomla: two Cross Site Scripting
An attacker can trigger two Cross Site Scripting vulnerabilities in Joomla, in order to execute JavaScript code in the context of the web site...

   
