patch software vulnerabilities
vulnerabilities.aspcode.net
Searching patch software vulnerabilities
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference.
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
Unspecified vulnerability in the Username Hijacking Patch Monday, March 12, 2007 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit."
Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 20 of 121