hotfix software vulnerabilities
vulnerabilities.aspcode.net
Searching hotfix software vulnerabilities
IIS 3.0 with the iis-fix hotfix installed allow
installed
|
intruders
|
programs
|
instead
|
iis-fix
|
source
|
allows
|
hotfix
|
remote
|
using
|
read
|
code
|
IIS
|
%2e
|
ASP
|
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
Buffer overflow in the _maincfgret.cgi script f
_maincfgretcgi
|
Ipswitch
|
overflow
|
WhatsUp
|
before
|
Buffer
|
script
|
Gold
|
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 a
Ipswitch
|
WhatsUp
|
daemon
|
Gold
|
HTTP
|
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
Stack-based buffer overflow in the Agent Browse
Stack-based
|
overflow
|
Browser
|
Veritas
|
Backup
|
before
|
buffer
|
Agent
|
Exec
|
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
Hosting Controller 6.1 Hotfix 1.4, and possibly
directories
|
specifying
|
Controller
|
attackers
|
arbitrary
|
parameter
|
possibly
|
pathname
|
FilePath
|
versions
|
Hosting
|
remote
|
allows
|
target
|
Hotfix
|
other
|
view
|
Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp.
Unknown vulnerability in F-Secure Anti-Virus (F
vulnerability
|
Anti-Virus
|
F-Secure
|
Unknown
|
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.
The Altiris Client Service for Windows 5.6 SP1
Service
|
Windows
|
Altiris
|
Hotfix
|
Client
|
SP1
|
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
Hosting Controller 6.1 Hotfix 1.7 and earlier s
HCDiskQuotaServicecsv
|
information
|
Controller
|
attackers
|
sensitive
|
request
|
earlier
|
Hosting
|
allows
|
remote
|
obtain
|
stores
|
direct
|
Hotfix
|
under
|
files
|
which
|
root
|
log
|
web
|
via
|
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
The password recovery feature (forgotpassword.a
recovery
|
password
|
feature
|
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
Buffer overflow in the IMAP daemon (IMAP4d32.ex
overflow
|
daemon
|
Buffer
|
IMAP
|
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
Hosting Controller 6.1 Hotfix 1.9 and earlier a
addsubsiteasp
|
Controller
|
parameters
|
attackers
|
arbitrary
|
loginname
|
password
|
register
|
earlier
|
request
|
Hosting
|
Hotfix
|
allows
|
remote
|
direct
|
users
|
set
|
via
|
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
Hosting Controller 6.1 HotFix 2.0 and earlier a
UserProfileasp
|
updateprofile
|
emailaddress
|
privileges
|
Controller
|
passwords
|
parameter
|
attackers
|
modified
|
earlier
|
Hosting
|
HotFix
|
action
|
allows
|
remote
|
steal
|
gain
|
via
|
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
SQL injection vulnerability in resellerresource
resellerresourcesasp
|
vulnerability
|
jresourceid
|
Controller
|
parameter
|
arbitrary
|
attackers
|
injection
|
commands
|
execute
|
Hosting
|
Hotfix
|
allows
|
remote
|
SQL
|
via
|
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.
Hosting Controller 6.1 Hotfix 2.1 allows remote
AccountActionsasp
|
UpdateCreditLimit
|
authenticated
|
unauthorized
|
CreditLimit
|
Controller
|
modifying
|
parameter
|
request
|
actions
|
Hosting
|
perform
|
direct
|
remote
|
allows
|
credit
|
action
|
Hotfix
|
limit
|
users
|
such
|
via
|
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
Unspecified vulnerability in Hosting Controller
vulnerability"
|
vulnerability
|
Unspecified
|
Controller
|
attackers
|
arbitrary
|
contents
|
related
|
Hosting
|
before
|
drives
|
allows
|
Hotfix
|
remote
|
read
|
"the
|
list
|
PHP
|
Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability."
SQL injection vulnerability in Hosting Controll
vulnerability
|
authenticated
|
Controller
|
arbitrary
|
injection
|
commands
|
execute
|
Hosting
|
allows
|
Hotfix
|
remote
|
users
|
via
|
SQL
|
SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.
Buffer overflow in BlackBerry Attachment Servic
BlackBerry
|
Attachment
|
Research
|
overflow
|
Service
|
Motion
|
Buffer
|
Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
Unspecified vulnerability in InfoVista PortalSE
vulnerability
|
Unspecified
|
InfoVista
|
PortalSE
|
Build
|
Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL.
Clearswift MIMEsweeper for Web before 5.1.15 Ho
MIMEsweeper
|
Clearswift
|
before
|
Web
|
Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate.
Multiple buffer overflows in Ipswitch WS_FTP Se
overflows
|
Ipswitch
|
Multiple
|
Server
|
WS_FTP
|
buffer
|
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
Software vulnerabilities results 1 to 20 of 42
Page:
1
2
3
►