Vigil@nce vulnerabilities - watch on computer security


we track for your security since 1999

home

Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions.

Each user customizes the list of products to track.

As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin, containing an helpful explanation of the threat, its patches and workarounds.

The administrator then uses the online Vigil@nce diary in order to plan and track the security process.

Next page...

public vulnerabilities

2	WebSphere AS: vulnerability of JAX-WS A vulnerability of Java API for XML Web Services (JAX-WS) runtime exists.
2	SSSD: connexion without password An attacker can connect via SSSD and LDAP with an account without knowing the password.
2	HP-UX: privilege elevation using Software Distributor A local attacker can elevate his privileges using Software Distributor.
2	AIX: buffer overflow of ftpd An attacker can use NLST in order to execute code.
2	Cisco Unified Communications Manager: denials of service An attacker can use SIP messages, in order to generate denials of service on Cisco Unified Communications Manager.
1	Linux kernel: memory disclosure via ioctl_standard_iw_point An attacker can use ioctl SIOCxxx in order to read kernel data.
2	Windows: code execution via "DLL preload" An attacker can use a malicious DLL in order to execute code in the context of the targeted application.
2	Quagga Routing Suite: two vulnerabilities Two vulnerabilities in Quagga Routing Suite can be used by an attacker to create a denial of service or possibly to execute code.
1	Cisco IOS XR: BGP vulnerability An attacker can send a BGP prefix with transitive attribute to generate a denial of service.
2	phpMyAdmin: Cross Site Scripting of setup.php An attacker can use parameters of setup.php script in order to inject HTML code in phpMyAdmin.

recent vulnerabilities

2	Zope: denial of service A remote attacker can access a private page of a Plone website, in order to create a denial of service.
2	Linux kernel: denial of service via keyctl(KEYCTL_SESSION_TO_PARENT) An attacker can use keyctl(KEYCTL_SESSION_TO_PARENT) in order to stop the kernel.
2	HP Operations Agent: two vulnerabilities Two vulnerabilities of HP Operations Agent running on Windows can be used by an attacker to elevate his privileges or execute code.
3	TYPO3: vulnerabilities of extensions An attacker can use several vulnerabilities of TYPO3 extensions in order to execute code, to generate a Cross Site Scripting or to inject SQL code.
3	QuickTime: several vulnerabilities Several QuickTime vulnerabilities can lead to code execution.
2	phpMyAdmin: Cross Site Scripting via backtrace An attacker can use backtrace features to generate a Cross Site Scripting in phpMyAdmin.
4	Adobe Flash, Reader: code execution via AVM2 An attacker can invite the victim to display a malicious Flash document, or a PDF document containing malicious Flash data, in order to execute code on his computer.
3	Apple QuickTime ActiveX: code execution via _Marshaled_pUnk parameter An attacker can use the _Marshaled_pUnk parameter of QuickTime ActiveX in order to execute code.
2	Linux kernel: denial of service irda_bind An attacker can use irda_bind() in order to stop the kernel.
2	NetWare 6.5: buffer overflow of SSHD.NLM An authenticated attacker can generate a buffer overflow in the SSHD service of Netware, in order to create a denial of service, and possibly to execute code.

Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.

your security watch

a database containing over 8000 vulnerabilities and 16000 solutions
a web access, to read descriptive information and use advanced search features
alert and synthesis e-mails, to inform your teams
a customized tracking service addressing software and products of your information system
a work space where each user selects his preferences
a diary to plan and track the securization process of each platform
ten options in response to your specific needs

your benefits

a customized watch on computer vulnerabilities and their solutions
an experienced team at your service since 10 years
a tool to monitor the security process of your networks and computers
your team saves time in vulnerabilities research and concentrates on important tasks
a CVE compatible solution