Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions.

Each user customizes the list of products to track.

As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin, containing an helpful explanation of the threat, its patches and workarounds.

The administrator then uses the online Vigil@nce diary in order to plan and track the security process.

Next page...
public vulnerabilities
3Windows: vulnerabilities of the Indeo codec
An attacker can invite the victim to play malicious multimedia documents, in order to execute code in his computer.
3Microsoft Project: code execution
An attacker can invite the victim to open a malicious file with Microsoft Project in order to execute code in his computer.
3WordPad, Word: code execution via Word 97
An attacker can invite the victim to open a malicious file in the Word 97 format, in order to execute code when it is converted by WordPad or Word.
3Windows: two vulnerabilities of ADFS
An authenticated attacker can use two vulnerabilities of ADFS, in order to spoof the identity of a user, or to execute code.
2Linux kernel: incorrect permissions on devtmpfs
On a 2.6.32.x kernel, a local attacker can access to devtmpfs.
2TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code.
2Ingres: buffer overflow of iidbms
An attacker can send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.
2ncpfs: privilege elevation via ncpmount and ncpumount
When the ncpmount and ncpumount tools are installed suid root, a local attacker can use a symbolic link, in order to elevate his privileges, to obtain information or to create a denial of service.
2Samba: privilege elevation via mount.cifs
When the mount.cifs tool is installed suid root, a local attacker can use a symbolic link, in order to elevate his privileges or to obtain information.
1Linux kernel: denial of service via connector
A local attacker can force the connector driver to use all system memory, which halts the system.
   recent vulnerabilities
1GNOME: unlocking gnome-screensaver
A local attacker can unplug a screen, in order to stop gnome-screensaver.
1Linux kernel: memory reading via sys_move_pages
A local attacker can use the move_pages() system call, in order to read kernel memory pages.
3HP Operations Agent: user access on Solaris
When HP Operations Agent is installed on Solaris 10, an attacker can login to the operator account.
1Samba: corruption of mtab via mount.cifs
A local attacker can use the mount.cifs command, in order to inject invalid characters in the /etc/mtab file.
2Oracle Database: privilege elevation via DBMS_JVM/DBMS_JAVA
An attacker, authenticated on an Oracle database, can call procedures of DBMS_JVM_EXP_PERMS and DBMS_JAVA, in order to execute commands with system privileges.
2Samba: exiting the root directory
In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root.
2WebSphere AS: SSL not used for SSO
When the Single Sign-On authentication of WebSphere is configured to enforce SSL, the session does not use SSL.
2ModSecurity: denials of service
An attacker can generate several denials of service in the ModSecurity module for Apache httpd.
2OpenSolaris: user access via kclient or smbadm
An attacker can guess the password used by kclient or smbadm.
2GNOME: buffer overflow of gmime
An attacker can use long data, in order to generate an overflow when they are encoded with UUencode by gmime.


Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.

your security watch

  • a database containing over 8000 vulnerabilities and 16000 solutions
  • a web access, to read descriptive information and use advanced search features
  • alert and synthesis e-mails, to inform your teams
  • a customized tracking service addressing software and products of your information system
  • a work space where each user selects his preferences
  • a diary to plan and track the securization process of each platform
  • ten options in response to your specific needs

your benefits

  • a customized watch on computer vulnerabilities and their solutions
  • an experienced team at your service since 10 years
  • a tool to monitor the security process of your networks and computers
  • your team saves time in vulnerabilities research and concentrates on important tasks
  • a CVE compatible solution



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française