The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
SAP Business Objects Financial Consolidation: buffer overflow
An attacker can generate a buffer overflow in SAP Business Objects Financial Consolidation CtAppReg.dll, in order to execute code...
SAP NetWeaver: information disclosure via streaming server servlet
An attacker can obtain information via SAP NetWeaver streaming server servlet...
SAP NetWeaver RFC WSDL: Cross Site Scripting
An attacker can generate a Cross Site Scripting in SAP NetWeaver RFC WSDL...
SAP NetWeaver Mobile Infrastructure Web Console: Cross Site Scripting
An attacker can generate a Cross Site Scripting in SAP NetWeaver Mobile Infrastructure Web Console...
SAP NetWeaver BW: file reading
An attacker can use an external XML entity, in order to read a file of SAP NetWeaver BW...
SAP NetWeaver: command execution via SAPHostControl
An unauthenticated attacker can inject commands in the SAPHostControl Service via the SOAP Management Console, in order to execute commands with administrator privileges...
Ruby 1.8: modify a variable via NameError despite SAFE 4
When a Ruby 1.8 application allows external code to be executed in SAFE 4 mode, that code can use NameError, in order to modify a variable of the application...
libxslt: double memory free via xmlFreeNodeList
An attacker can use malicious XSLT data, in order to stop applications linked to libxslt, and possibly to execute code...
VMware vCenter CapacityIQ: file download
An unauthenticated attacker can traverse VMware vCenter CapacityIQ directories, in order to download a file...
VMware vCenter Operations: Cross Site Scripting
An attacker can generate a Cross Site Scripting in VMware vCenter Operations, in order to execute JavaScript code in the context of the web site...
SAP: vulnerability 1678732
An unknown vulnerability was announced in SAP products...
XnView: buffer overflow via JLS
An attacker can invite the victim to open a malicious JLS image with XnView, in order to stop it or to execute code...
Oracle Identity Management: Cross Site Scripting via Username
An attacker can generate a Cross Site Scripting in the password reminder form of Oracle Identity Management, in order to execute JavaScript code in the context of victim's web browser...
Linux kernel: memory reading via SIOCGSTAMP
A local attacker can use the SIOCGSTAMP ioctl, in order to read a kernel memory fragment, or to stop it...
HP NNMi: information disclosure
An attacker can use a vulnerability of HP Network Node Manager i, in order to obtain information...
Ruby: modify a variable despite SAFE 4
When a Ruby application allows external code to be executed in SAFE 4 mode, that code can use Exception or NameError, in order to modify a variable of the application...
Wireshark 1.8: four vulnerabilities
Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code...
CA ARCserve Backup, Workload Automation: two vulnerabilities of CA License
A local attacker can use two vulnerabilities of CA License, in order to elevate his privileges or to create a file, via CA ARCserve Backup or CA Workload Automation...
AIX: denial of service via fuser
A local attacker can use the fuser command, in order to kill the process of another user...
Adobe: signature of malicious software
One of the Adobe development servers, which had access to the signing infrastructure, was the target of an intrusion. An attacker then generated a signature with a valid Adobe certificate for two pieces of malicious software. The attacker can invite the victim to install this malicious software with no warning...
MySQL: access bypass via symlink
A local attacker can use a symbolic link, in order to bypass access restrictions of a MySQL table...
Cisco IOS: denial of service via NAT
When address translation is enabled in Cisco IOS, an attacker can create two denials of service...
Cisco IOS: denial of service of IPS via DNS
When the IPS is enabled on Cisco IOS, an attacker can send a malicious DNS packet, in order to reload the system...
Cisco Catalyst 4500E: denial of service via Supervisor Engine 7L-E
When a Cisco Catalyst 4500E switch has a Supervisor Engine 7L-E, an attacker can create a denial of service...
Cisco IOS: denial of service via DHCPv6
An attacker can send a malicious DHCPv6 packet, in order to reload Cisco IOS...
Cisco IOS: denial of service via DHCP
An attacker can send a malicious DHCP packet, in order to reload Cisco IOS...
Cisco IOS, Unified CM: denial of service via SIP SDP
An attacker can send a malicious SIP packet containing an SDP message, in order to create a denial of service on Cisco IOS and Cisco Unified Communications Manager...
Cisco IOS: denial of service via IP Tunneling
An attacker can send an IP tunneled packet to a Cisco 10000 Series router, in order to create a denial of service via a Queue Wedge...
Cisco IOS: denial of service via BGP
During a BGP session, an attacker can send malicious packets, in order to stop Cisco IOS...

   
