Orange Business Services
Vigil@nce
we track for your security since 1999

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions.

Each user customizes the list of products to track.

As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin containing a helpful explanation of the threat, its patches and workarounds.

The administrator then uses the online Vigil@nce diary in order to plan and track the security process.

public vulnerabilities

[3] MIT krb5: integer overflow of AES and RC4
An attacker can send a malicious query to MIT krb5, in order to stop the KDC, and possibly to execute code.
[1] Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel.
[2] CA SiteMinder: Cross Site Scripting via WebWorks Help
An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder.
[2] Adobe Flash: file reading
An attacker can create a malicious Flash application, which indicates file fragments to a CIFS/SMB share.
[2] CUPS: privilege elevation via lppasswd
A local attacker can modify the LOCALEDIR environment variable, in order to generate a format string attack in lppasswd, leading to the execution of privileged code.
[2] OpenSSL: denial of service via Kerberos
When OpenSSL supports the Kerberos key exchange, and when the server application is in a chroot jail, an attacker can send a special ClientHello message, in order to stop the application.
[1] PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL.
[2] Cisco Unified Communications Manager: denials of service
An attacker can use SCCP, SIP or CIT messages, in order to generate denials of service on Cisco Unified Communications Manager.
[2] Apache httpd: information disclosure via SubRequest
When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can be returned to another user.
[2] Linux kernel: denial of service via NFS
An attacker can truncate an NFS file, in order to stop the kernel, and possibly to execute code.

recent vulnerabilities

[1] Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel.
[2] Windows: code execution via Notepad
An attacker can invite the victim to open a text file with Notepad, and then to press the F1 key, in order to execute code on his computer.
[3] IE 6, 7: code execution via iepeers.dll
An attacker can create an HTML page forcing the usage of a freed memory area in iepeers.dll, which leads to code execution.
[2] GNU tar, cpio: buffer overflow via rmt
An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can generate an overflow, leading to code execution.
[1] PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL.
[3] HP Performance Insight: code execution
A remote attacker can execute code in HP OpenView Performance Insight.
[3] Excel: several vulnerabilities
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer.
[3] Windows: code execution via Movie Maker and Producer
An attacker can invite the victim to open a malicious document with Windows Movie Maker or Microsoft Producer 2003, in order to generate a buffer overflow leading to code execution.
[2] AIX: buffer overflow of qoslist and qosmod
A local attacker can generate an overflow in the qoslist and qosmod commands, in order to elevate his privileges.
[3] Samba: file access via CAP_DAC_OVERRIDE
The smbd daemon of Samba inherits the CAP_DAC_OVERRIDE capability, which can be used by a user to bypass file access restrictions.


Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.

your security watch

  • a database containing over 8000 vulnerabilities and 16000 solutions
  • a web access, to read descriptive information and use advanced search features
  • alert and synthesis e-mails, to inform your teams
  • a customized tracking service addressing software and products of your information system
  • a work space where each user selects his preferences
  • a diary to plan and track the process of securing each platform
  • ten options in response to your specific needs

your benefits

  • a customized watch on computer vulnerabilities and their solutions
  • an experienced team at your service for 10 years
  • a tool to monitor the security process of your networks and computers
  • your team saves time in vulnerabilities research and concentrates on important tasks
  • a CVE compatible solution

France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services.