Vigil@nce describes vulnerabilities impacting your systems, and offers solutions.
Each user customizes the list of products to track.
As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin, containing an helpful explanation of the threat, its patches and workarounds.
The administrator then uses the online Vigil@nce diary in order to plan and track the security process.
Next page...
|
public vulnerabilities
| 3 | Windows: vulnerabilities of the Indeo codec
An attacker can invite the victim to play malicious multimedia documents, in order to execute code in his computer. |
| 3 | Microsoft Project: code execution
An attacker can invite the victim to open a malicious file with Microsoft Project in order to execute code in his computer. |
| 3 | WordPad, Word: code execution via Word 97
An attacker can invite the victim to open a malicious file in the Word 97 format, in order to execute code when it is converted by WordPad or Word. |
| 3 | Windows: two vulnerabilities of ADFS
An authenticated attacker can use two vulnerabilities of ADFS, in order to spoof the identity of a user, or to execute code. |
| 2 | Linux kernel: incorrect permissions on devtmpfs
On a 2.6.32.x kernel, a local attacker can access to devtmpfs. |
| 2 | TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code. |
| 2 | Ingres: buffer overflow of iidbms
An attacker can send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code. |
| 2 | ncpfs: privilege elevation via ncpmount and ncpumount
When the ncpmount and ncpumount tools are installed suid root, a local attacker can use a symbolic link, in order to elevate his privileges, to obtain information or to create a denial of service. |
| 2 | Samba: privilege elevation via mount.cifs
When the mount.cifs tool is installed suid root, a local attacker can use a symbolic link, in order to elevate his privileges or to obtain information. |
| 1 | Linux kernel: denial of service via connector
A local attacker can force the connector driver to use all system memory, which halts the system. |
|
|
|
recent vulnerabilities
| 1 | GNOME: unlocking gnome-screensaver
A local attacker can unplug a screen, in order to stop gnome-screensaver. |
| 1 | Linux kernel: memory reading via sys_move_pages
A local attacker can use the move_pages() system call, in order to read kernel memory pages. |
| 3 | HP Operations Agent: user access on Solaris
When HP Operations Agent is installed on Solaris 10, an attacker can login to the operator account. |
| 1 | Samba: corruption of mtab via mount.cifs
A local attacker can use the mount.cifs command, in order to inject invalid characters in the /etc/mtab file. |
| 2 | Oracle Database: privilege elevation via DBMS_JVM/DBMS_JAVA
An attacker, authenticated on an Oracle database, can call procedures of DBMS_JVM_EXP_PERMS and DBMS_JAVA, in order to execute commands with system privileges. |
| 2 | Samba: exiting the root directory
In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root. |
| 2 | WebSphere AS: SSL not used for SSO
When the Single Sign-On authentication of WebSphere is configured to enforce SSL, the session does not use SSL. |
| 2 | ModSecurity: denials of service
An attacker can generate several denials of service in the ModSecurity module for Apache httpd. |
| 2 | OpenSolaris: user access via kclient or smbadm
An attacker can guess the password used by kclient or smbadm. |
| 2 | GNOME: buffer overflow of gmime
An attacker can use long data, in order to generate an overflow when they are encoded with UUencode by gmime. |
|
|
Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.
your security watch
- a database containing over 8000 vulnerabilities and 16000 solutions
- a web access, to read descriptive information and use advanced search features
- alert and synthesis e-mails, to inform your teams
- a customized tracking service addressing software and products of your information system
- a work space where each user selects his preferences
- a diary to plan and track the securization process of each platform
- ten options in response to your specific needs
your benefits
- a customized watch on computer vulnerabilities and their solutions
- an experienced team at your service since 10 years
- a tool to monitor the security process of your networks and computers
- your team saves time in vulnerabilities research and concentrates on important tasks
- a CVE compatible solution
|
|
