The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Cisco IOS, Catalyst: denial of service via HTTP
When the HTTP server is enabled on Cisco Catalyst/IOS, an attacker can send a special sequence of TCP packets to ports 80/443, in order to stop the switch...
Oracle JRE, JDK, JavaFX: several vulnerabilities
Several vulnerabilities of Oracle JRE, JDK and JavaFX can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
IBM TSM: file access via Client Web GUI
An attacker can use a vulnerability of IBM TSM Client Web GUI, in order to access to server files...
IBM TSM: denial of service of Client Scheduler
When IBM TSM Client Scheduler is configured in mode "SCHEDMODE=PROMPTED", a remote attacker can disable it...
Squid: memory leaks in cachemgr.cgi
An attacker can send inconsistent requests to cachemgr.cgi, in order to make it allocate too much memory and eventually halt...
HP NNMi: Cross Site Scripting
An attacker can trigger a Cross Site Scripting on the web server of HP Network Node Manager i, in order to execute JavaScript code in the context of the site...
VMware vCenter Server, vSphere Client, ESX: memory corruption of client authentication
An attacker can setup a malicious sever, and invite VMware vCenter Server, vSphere Client and ESX clients to connect, in order to corrupt their memory, which leads to code execution...
IE: cookie reading via a proxy
When Internet Explorer is configured to use the same proxy for HTTP and HTTPS, some queries are sent to another site, so an attacker can for example obtain victim's cookies...
libupnp: buffer overflow via UPnP SSDP
An attacker can send a malicious UDP packet to applications compiled with libupnp, in order to execute code...
Opera: four vulnerabilities
An attacker can invite the victim to display a malicious site with Opera, in order to obtain information, or to execute code...
glibc: denial of service via regex
When an attacker can transmit Unicode data to an application using a regular expression, he can stop the application...
Samba: vulnerabilities of SWAT
An attacker can use two vulnerabilities of Samba Web Administration Tool, in order to trigger a Clickjacking or a Cross Site Request Forgery...
Wireshark: nine vulnerabilities
Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service...
NetBSD: denial of service of uipc_syscalls.c
A local attacker can use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel...
Cisco Unified Communications Domain Manager: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Cisco Unified Communications Domain Manager, in order to execute JavaScript code in the context of the web site...
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject code...
FFmpeg: several vulnerabilities
An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer...
BIND: denial of service via DNS64 and RPZ
When BIND is configured with DNS64, and with a RPZ rewriting rule for an A record only, then an AAAA query triggers an assertion error, which stops the service...
IE 6, 9: file reading via Administrative Shares
An attacker can create an HTML page using JavaScript code, to access to files located in Administrative Shares...
Xen: memory leak via Nested Virtualization
An attacker, who is an administrator in a guest system, can use the Nested Virtualization feature, in order to stop the Xen host system...
Xen: denial of service via Nested Virtualization
An attacker, who is an administrator in a guest system, can use the Nested Virtualization feature, in order to stop the Xen host system...
F5 BIG-IP: SQL injection via saveSettings.php
An attacker, who is authenticated on F5 BIG-IP Secure Access Manager, can inject a SQL query in the saveSettings.php form, in order to access to the database...
WebSphere AS 7.0: seven vulnerabilities
An attacker can use several vulnerabilities of WebSphere Application Server...
F5 BIG-IP: file reading via an XML entity
An attacker, who is authenticated on F5 BIG-IP Secure Access Manager, can transmit malicious XML data, in order to force it to include a file, which can then be returned to the attacker...
Snort: buffer overflow of Sourcefire VRT Rules
When the administrator installed Sourcefire VRT Rules, and enabled the rule "3:20275", an attacker can use the DCE RPC EnumeratePrintShares function, in order to trigger an overflow in Snort, which may lead to code execution...
McAfee Security for Microsoft Exchange: denial of service via XLSX
An attacker can use a malicious Microsoft Excel XLSX file, in order to generate two denials of service in McAfee Security for Microsoft Exchange...
PHP: memory reading via openssl_encrypt
When an attacker can control data sent to the PHP openssl_encrypt() function, and when he can read the result of this function, then he can obtain fragments of the application memory...
Dnsmasq: listening on all interfaces via libvirt and TCP
When Dnsmasq is installed on a server using libvirt, Dnsmasq accepts TCP queries coming from all interfaces, so an attacker can for example create a distributed denial of service...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 359 360 361 362 363 364 365 366 367 369 371 372 373 374 375 376 377 378 379 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1014