Vigil@nce describes vulnerabilities impacting your systems, and offers solutions.
Each user customizes the list of products to track.
As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin, containing an helpful explanation of the threat, its patches and workarounds.
The administrator then uses the online Vigil@nce diary in order to plan and track the security process.
Next page...
|
public vulnerabilities
| 3 | MIT krb5: integer overflow of AES and RC4
An attacker can send a malicious query to MIT krb5, in order to stop the KDC, and possibly to execute code. |
| 1 | Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel. |
| 2 | CA SiteMinder: Cross Site Scripting via WebWorks Help
An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder. |
| 2 | Adobe Flash: file reading
An attacker can create a malicious Flash application, which indicates file fragments to a CIFS/SMB share. |
| 2 | CUPS: privilege elevation via lppasswd
A local attacker can modify the LOCALEDIR environment variable, in order to generate a format string attack in lppasswd, leading to the execution of privileged code. |
| 2 | OpenSSL: denial of service via Kerberos
When OpenSSL supports the Kerberos key exchange, and when the server application is in a chroot jail, an attacker can send a special ClientHello message, in order to stop the application. |
| 1 | PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL. |
| 2 | Cisco Unified Communications Manager: denials of service
An attacker can use SCCP, SIP or CIT messages, in order to generate denials of service on Cisco Unified Communications Manager. |
| 2 | Apache httpd: information disclosure via SubRequest
When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can be returned to another user. |
| 2 | Linux kernel: denial of service via NFS
An attacker can truncate a NFS file, in order to stop the kernel, and possibly to execute code. |
|
|
|
recent vulnerabilities
| 1 | Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel. |
| 2 | Windows: code execution via Notepad
An attacker can invite the victim to open a text file with Notepad, and then to press the F1 key, in order to execute code on his computer. |
| 3 | IE 6, 7: code execution via iepeers.dll
An attacker can create an HTML page forcing the usage of a freed memory area in iepeers.dll, which leads to code execution. |
| 2 | GNU tar, cpio: buffer overflow via rmt
An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can generate an overflow, leading to code execution. |
| 1 | PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL. |
| 3 | HP Performance Insight: code execution
A remote attacker can execute code in HP OpenView Performance Insight. |
| 3 | Excel: several vulnerabilities
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer. |
| 3 | Windows: code execution via Movie Maker and Producer
An attacker can invite the victim to open a malicious document with Windows Movie Maker or Microsoft Producer 2003, in order to generate a buffer overflow leading to code execution. |
| 2 | AIX: buffer overflow of qoslist and qosmod
A local attacker can generate an overflow in the qoslist and qosmod commands, in order to elevate his privileges. |
| 3 | Samba: file access via CAP_DAC_OVERRIDE
The smbd daemon of Samba inherits the CAP_DAC_OVERRIDE capability, which can be used by an user to bypass file access restrictions. |
|
|
Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.
your security watch
- a database containing over 8000 vulnerabilities and 16000 solutions
- a web access, to read descriptive information and use advanced search features
- alert and synthesis e-mails, to inform your teams
- a customized tracking service addressing software and products of your information system
- a work space where each user selects his preferences
- a diary to plan and track the securization process of each platform
- ten options in response to your specific needs
your benefits
- a customized watch on computer vulnerabilities and their solutions
- an experienced team at your service since 10 years
- a tool to monitor the security process of your networks and computers
- your team saves time in vulnerabilities research and concentrates on important tasks
- a CVE compatible solution
|
|
