Vigil@nce describes vulnerabilities impacting your systems, and offers solutions.
Each user customizes the list of products to track.
As soon as Vigil@nce publishes an alert for one of these products, the user receives a bulletin, containing an helpful explanation of the threat, its patches and workarounds.
The administrator then uses the online Vigil@nce diary in order to plan and track the security process.
Next page...
|
public vulnerabilities
| 2 | OpenSSL: buffer overflow via bn_wexpand
The OpenSSL library does not check the error code of the bn_wexpand() function, which can generate a denial of service, or lead to code execution. |
| 2 | FreeBSD, NetBSD, OpenBSD: denial of service of ftpd
An attacker can use the LIST command, in order to force ftpd to dereference a NULL pointer, which stops it. |
| 3 | TYPO3: authentication via OpenID
An attacker, who knows the OpenID identity of a TYPO3 user, can authenticate under his account. |
| 3 | Sun Identity Manager: privilege elevation
A local or remote attacker can obtain administrator privileges via Sun Identity Manager. |
| 3 | Oracle WebLogic: several vulnerabilities of January 2010
Several vulnerabilities of WebLogic are corrected by the CPU of January 2010. |
| 3 | Oracle Application Server: several vulnerabilities of January 2010
Several vulnerabilities of Oracle Application Server are corrected by the CPU of January 2010. |
| 3 | MIT krb5: integer overflow of AES and RC4
An attacker can send a malicious query to MIT krb5, in order to stop the KDC, and possibly to execute code. |
| 1 | Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel. |
| 2 | CA SiteMinder: Cross Site Scripting via WebWorks Help
An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder. |
| 2 | Adobe Flash: file reading
An attacker can create a malicious Flash application, which indicates file fragments to a CIFS/SMB share. |
|
|
|
recent vulnerabilities
| 2 | phpMyAdmin: Cross Site Scripting of db_create.php
An attacker can use the database creation feature to generate a Cross Site Scripting in phpMyAdmin. |
| 1 | PHP: denial of service of xmlrpc
The xmlrpc_decode_request() function of PHP does not validate XML data, which forces a NULL pointer dereference. |
| 3 | Adobe Acrobat/Reader: two vulnerabilities
An attacker can use two Adobe Acrobat/Reader vulnerabilities, in order to access to a domain, or to execute code. |
| 1 | Linux kernel: denial of service via GFS
A local attacker can lock a file on a GFS system, in order to stop the kernel. |
| 2 | Windows: code execution via Notepad
An attacker can invite the victim to open a text file with Notepad, and then to press the F1 key, in order to execute code on his computer. |
| 3 | IE 6, 7: code execution via iepeers.dll
An attacker can create an HTML page forcing the usage of a freed memory area in iepeers.dll, which leads to code execution. |
| 2 | GNU tar, cpio: buffer overflow via rmt
An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can generate an overflow, leading to code execution. |
| 1 | PostgreSQL: denial of service via JOIN
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL. |
| 3 | HP Performance Insight: code execution
A remote attacker can execute code in HP OpenView Performance Insight. |
| 3 | Excel: several vulnerabilities
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer. |
|
|
Vulnerabilities are discovered daily and published on thousands of internet information sources.
Vigil@nce describes these vulnerabilities and how to protect your system. This information is customized according to your environment and is available on a web site or sent by alert e-mails.
Your team secures and protects your networks based on information and advice from our team.
your security watch
- a database containing over 8000 vulnerabilities and 16000 solutions
- a web access, to read descriptive information and use advanced search features
- alert and synthesis e-mails, to inform your teams
- a customized tracking service addressing software and products of your information system
- a work space where each user selects his preferences
- a diary to plan and track the securization process of each platform
- ten options in response to your specific needs
your benefits
- a customized watch on computer vulnerabilities and their solutions
- an experienced team at your service since 10 years
- a tool to monitor the security process of your networks and computers
- your team saves time in vulnerabilities research and concentrates on important tasks
- a CVE compatible solution
|
|
