pack software vulnerabilities
vulnerabilities.aspcode.net
Searching pack software vulnerabilities
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
Software vulnerabilities results 1 to 20 of 91