The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Zope: several vulnerabilities
Several vulnerabilities of Zope were announced...
ArcGIS Web Server: SQL injection
An attacker can use the REST interface of the ArcGIS web server, to inject SQL commands, in order to read or alter data...
Linux kernel: denial of service via memory_hotplug
A local attacker can deplete the memory, in order to force the kernel to dereference a NULL pointer, which stops it...
CUPS: file access via PageLog
A local attacker, who is member of the lpadmin group, can change the CUPS log filename, in order to read or write in a file, with privileges of the daemon...
Joomla: clickjacking
An attacker can use a "clickjacking" attack against a Joomla service, in order to force visitors to perform actions on the site...
IPv6: incorrect implementation of Fragment Overlap
Some IPv6 implementations do not abide by the RFC 5722, so an attacker can fingerprint the system, or bypass an IDS...
VMware Player, Workstation: three vulnerabilities
A local attacker can use three vulnerabilities of VMware Player and VMware Workstation, in order to execute code, or to elevate his privileges...
TYPO3: four vulnerabilities
An attacker can use four vulnerabilities of TYPO3, in order to obtain/alter information, or to create a Cross Site Scripting...
IcedTea-Web: overflow of one byte
An attacker can generate an overflow of one byte in the IcedTea-Web plugin, in order to stop the web browser, and possibly to execute code...
QuickTime: several vulnerabilities
Several QuickTime vulnerabilities can lead to code execution...
Cisco Secure Access Control System: bypassing TACACS+ authentication
When Cisco Secure Access Control System is configured with a TACACS+ authentication based on data stored in a LDAP directory, an attacker can bypass the authentication, in order to log in as a valid user...
Linux kernel: denial of service via XSAVE
An attacker, who is located in a qemu+KVM guest system, and on a host system using a processor without xsave/xrstor, can stop the host system...
Adobe Flash Player: multiple vulnerabilities
Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to create a denial of service...
Opera: seven vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to obtain information, or to execute code...
BIG-IP: Cross Site Scripting via Traffic Overview
An attacker can generate a Cross Site Scripting in the Traffic Overview page of BIG-IP...
Symantec Endpoint Protection: memory corruption via CAB
When Symantec Endpoint Protection analyzes a malformed CAB file, a memory corruption occurs, and can lead to code execution on victim's computer...
Apache Tomcat: bypassing the DIGEST authentication
When Apache Tomcat uses an HTTP DIGEST authentication, an attacker can replay a previously captured session, and thus access to protected resources...
Apache Tomcat: denial of service via headers
An attacker can send an HTTP query with large headers, in order to stop the HTTP NIO service of Apache Tomcat...
Sophos Antivirus: several vulnerabilities
An attacker can create a malicious VB6/CAB/RAR/PDF file which corrupts the Sophos Antivirus memory, in order to execute code on victim's computer...
Webmin: Cross Site Scripting via Real Name
An attacker can generate a Cross Site Scripting in the user information form of Webmin, in order to execute JavaScript code in the context of the web site...
FortiGate: man-in-the-middle attack
When the administrator did not change the default certification authority for SSL/TLS inspection of FortiGate, an attacker can create a fake server/proxy and intercept user's data...
LibTIFF ppm2tiff: buffer overflow via TIFFScanlineSize
An attacker can invite the victim to open a malicious PPM/PGM/PBM image with LibTIFF ppm2tiff, in order to create a denial of service or to execute code...
LibreOffice: denials of service
An attacker can create a malicious ODT/ODG/WMF/XLS document, and invite the victim to open it with LibreOffice, in order to stop it...
HP Performance Insight: vulnerabilities of Sybase
When HP Performance Insight uses a Sybase database, an attacker can create a denial of service, delete data, and possibly read/alter data...
Cisco Prime Data Center Network Manager: code execution
An attacker can connect to the RMI service of Cisco Prime Data Center Network Manager, in order to execute code with System/root privileges...
Cisco Unified MeetingPlace Web Conferencing: buffer overflow
An attacker can generate a buffer overflow in Cisco Unified MeetingPlace Web Conferencing, in order to execute code...
Linux kernel: denial of service via TCP Illinois
When the TCP Illinois congestion control algorithm is enabled, an attacker can monitor TCP statistics, in order to generate a division by zero, which stops the system...
Konqueror: four vulnerabilities
An attacker can create a malicious web page, in order to generate several errors in Konqueror, leading to a denial of service, to memory reading, or possibly to code execution...
TYPO3: vulnerabilities of Formhandler
An attacker can use two vulnerabilities of the Formhandler extension of TYPO3, in order to inject SQL code, or to generate a Cross Site Scripting...
Citrix XenServer: privilege elevation via VNC and VT100
An authenticated attacker can connect to a VT100 terminal via VNC, in order to corrupt the Citrix XenServer memory, to execute code in the dom0 domain...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 351 352 353 354 355 356 357 358 359 361 363 364 365 366 367 368 369 370 371 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1069