The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Asterisk: two denials of service
An attacker can use two vulnerabilities of Asterisk, in order to consume resources, leading to a denial of service...
Cisco Unified IP Phone 7900: privilege elevation via System Call
An attacker, who is allowed to connect to a Cisco Unified IP Phone 7900 device, can run a malicious program, in order to elevate his privileges...
RuggedCom ROS: two vulnerabilities
An attacker can use two vulnerabilities of RuggedCom ROS, in order to gain administrator's privileges...
IBM SPSS Modeler: file reading via an XML entity
An attacker can transmit malicious XML data to the IBM SPSS Modeler, in order to force it to include a file, which can then be returned to the attacker...
GnuPG: database corruption via a public key
An attacker can create a malformed public key, and can invite a GnuPG user to import it, in order to stop the application, or to corrupt the keyring database...
QEMU: buffer overflow via e1000
An attacker can send Jumbo Ethernet frames to a guest QEMU system with an e1000 device, in order to generate a buffer overflow, leading to a denial of service and possibly to code execution...
TYPO3: Cross Site Scripting via commerce
A TYPO3 editor can use the "commerce" extension, in order to trigger a Cross Site Scripting to execute JavaScript code in the web browser of web site visitors...
IE 6, 7, 8: code execution via CDwnBindInfo
An attacker can invite the victim to display an HTML document containing JavaScript code changing a button, in order to execute code on his computer via Internet Explorer 6, 7 and 8...
Apache Tomcat: denial of service Slowloris
An attacker can exhaust the maximum number of allowed clients on an Apache Tomcat server, in its default configuration...
FreeType: several vulnerabilities
An attacker can invite the victim to display a document using a malicious font with an application linked to FreeType, in order to stop the application, or to execute code on his computer...
GNU grep: memory corruption via a long line
An attacker can create a document containing a long line, and then invite the victim to call GNU grep on this file, in order to corrupt the memory, which leads to code execution...
SPDY: obtaining HTTP Cookies via Deflate, CRIME
An attacker, who can control SPDY connections of victim's web browser, can use several sessions compressed with Deflate in order to compute HTTP headers, such as cookies...
Siemens SIMATIC S7-1200: denial of service via ISO-TSAP
An attacker can send a malicious packet to the ISO-TSAP port, in order to stop Siemens SIMATIC S7-1200...
Siemens SIMATIC S7-1200: denial of service via SNMP
An attacker can send a malicious packet to the SNMP port, in order to stop Siemens SIMATIC S7-1200...
SAP: vulnerability 1771204
An unknown vulnerability was announced in SAP products...
SAP: vulnerability 1774903
An unknown vulnerability was announced in SAP products...
SAP: vulnerability 1772498
An unknown vulnerability was announced in SAP products...
SAP ERP Central Component: code execution via Project System
A network attacker can call the RFC CJDB_FILL_MEMORY_FROM_PPB function of SAP ERP Central Component Project System, in order to inject code...
SAP: vulnerability 1714607
An unknown vulnerability was announced in SAP products...
SAP: vulnerability 1773758
An unknown vulnerability was announced in SAP products...
SAP: vulnerability 1769099
An unknown vulnerability was announced in SAP products...
SAP: vulnerability 1771020
An unknown vulnerability was announced in SAP products...
IBM DB2 10.1: vulnerabilities
An attacker can use several vulnerabilities of IBM DB2, in order to create a denial of service or to elevate his privileges...
EMC Avamar: file corruption via Backup client for Linux
When EMC Avamar Backup client for Linux is used, permissions on the cache directory allow a local attacker to corrupt a file with root privileges...
Arkoon FAST360: vulnerability of akserver
An attacker can use a vulnerability of the AUTH module of akserver...
VMware vCenter Server Appliance: uncontrolled file access
An attacker can use two vulnerabilities of vCenter, in order to fetch an arbitrary file from the server...

   
