The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco ASA: denial of service via CIFS UNC
An attacker can use a CIFS UNC (Universal Naming Convention) path, in order to stop Cisco ASA...
Cisco ASA: denial of service via SSH
An authenticated attacker can open several SSH sessions, in order to stop Cisco ASA...
Cisco ASA 1000V Cloud Firewall: denial of service via H.323
When the H.323 inspection for H.225 is enabled on Cisco ASA 1000V Cloud Firewall, an attacker can send a malformed packet, in order to stop the product...
Xen: denial of service via PVOPS xen_failsafe_callback
When Xen uses PVOPS, an attacker who is located in a guest system can trigger an interruption, in order to stop the kernel...
MySQL: several vulnerabilities of January 2013
Several vulnerabilities of MySQL are fixed by the CPU of January 2013...
Solaris: several vulnerabilities of January 2013
Several vulnerabilities of Solaris are fixed by the CPU of January 2013...
Oracle Outside In Technology: several vulnerabilities of January 2013
Several vulnerabilities of Oracle Outside In Technology are fixed by the CPU of January 2013...
Oracle Fusion Middleware: several vulnerabilities of January 2013
Several vulnerabilities of Oracle Fusion Middleware are fixed by the CPU of January 2013...
Oracle Database: vulnerability of January 2013
An attacker, who is authenticated on Oracle Database, can use a vulnerability of Spatial, in order to obtain information, to alter information, or to create a denial of service...
Samba: altering AD DC LDAP objects
When Samba is configured as an Active Directory Domain Controller, an authenticated attacker can alter LDAP objects...
Microsoft Lync Server: Cross Site Scripting via User-Agent
When an attacker can modify the User-Agent header sent by the victim's web browser, he can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site of Microsoft Lync Server...
Oracle Java JRE: code execution via MethodHandle
An attacker can create a malicious applet, using MethodHandle and sun.misc.reflect.Trampoline, in order to execute arbitrary Java code...
Siemens Simatic RF Manager: buffer overflow of ActiveX
When Simatic RF Manager is installed on the user's computer, an attacker can invite him to display a web page calling an ActiveX, in order to execute code on his computer...
Apache HttpClient: parameter injection with addRequestHeader
When an attacker can control the parameter of the addRequestHeader() method of Apache HttpClient, he can insert additional HTTP headers...
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject code...
Oracle Java JRE: code execution via MBeanInstantiator
An attacker can create an applet using a JMX MBean, to bypass the security manager, in order to execute arbitrary Java code...
Dell OpenManage Server Administrator: Cross Site Scripting via index_main.htm
An attacker can create a Cross Site Scripting in Dell OpenManage Server Administrator, in order to execute JavaScript code in the context of the web site...
Cisco Prime LMS Virtual Appliance: code execution as root via rshd
An attacker can connect to the rsh service of Cisco Prime LMS Virtual Appliance, based on Linux, in order to execute commands as root...
Xen: denial of service via VT-d and PCI Bridge
When a PCI device is reachable from a Xen guest system, a local attacker can inject interrupts, which are transmitted to other guests, and lead to a denial of service...
Sybase ASE: several vulnerabilities
An attacker can use several vulnerabilities of Sybase ASE, in order to elevate his privileges, or to execute code...
Adobe Reader, Acrobat: several vulnerabilities
Several Adobe Reader/Acrobat vulnerabilities can be used by an attacker to execute code or to create a denial of service...
Adobe Flash Player: code execution
An attacker can invite the victim to display a malicious web page with Adobe Flash Player, in order to stop the web browser, or to execute code on the victim's computer...
Microsoft .NET, IIS: denial of service via Open Data Protocol
An attacker can process data with Open Data Protocol, in order to stop a Microsoft .NET service...
Windows: data injection in SSL/TLS
An attacker, who acts as a Man-in-the-Middle, can force an SSLv3/TLS session to use SSLv2, so that it is easier to decrypt the session...
Windows: privilege elevation via win32k.sys
A local attacker can use a vulnerability of the win32k.sys kernel driver, in order to execute code with system privileges...
Microsoft .NET: four vulnerabilities
An attacker can use several vulnerabilities of Microsoft .NET, in order to elevate his privileges...
Microsoft System Center Operations Manager: two Cross Site Scripting
An attacker can use two Cross Site Scripting of Microsoft System Center Operations Manager, in order to execute JavaScript code in the context of the web site...
Windows, IE, Office, SharePoint: code execution via Microsoft XML Core Services
An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code...

   
