Searching sp4 software vulnerabilities

Microsoft Site Server 3.0 prior to SP4 installs

LDAP_Anonymous | LdapPassword_1 | attackers | Microsoft | privilege | password | locally" | installs | default | allows | Server | remote | prior | which | "Log | Site | user | SP4 |

Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.


Microsoft SQL Server before Windows 2000 SP4 al

Microsoft | Windows | before | Server | SQL |

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.


Buffer overflow in the ShellExecute API functio

ShellExecute | SHELL32DLL | function | overflow | Windows | Buffer | API |

Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.


Directory traversal vulnerability in Microsoft

vulnerability | NetMeeting | Microsoft | traversal | Directory |

Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.


Microsoft NetMeeting 3.01 2000 before SP4 allow

NetMeeting | Microsoft |

Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.


Buffer overflow in Troubleshooter ActiveX Contr

Troubleshooter | overflow | ActiveX | Control | Buffer |

Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.


Buffer overflow in the Windows logon process (w

overflow | process | Windows | Buffer | logon |

Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.


The SMTP service in Microsoft Windows 2000 befo

Microsoft | Windows | service | SMTP |

The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.


Heap-based buffer overflow in winhlp32.exe in W

winhlp32exe | Heap-based | overflow | Windows | buffer |

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.


Unspecified vulnerability in BEA WebLogic Porta

vulnerability | restrictions | entitlements | Unspecified | attackers | WebLogic | crafted | through | access | bypass | remote | Portal | allows | pages | using | URLs | Book | SP4 | BEA | via |

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.


Microsoft Windows 2000 before Update Rollup 1 f

Microsoft | Windows |

Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.


Microsoft Windows 2000 before Update Rollup 1 f

Microsoft | Windows |

Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.


BEA WebLogic Server and WebLogic Express 8.1 SP

attackers | WebLogic | Express | service | earlier | remote | Server | denial | cause | allow | SP4 | BEA | SP7 | SP5 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.


BEA WebLogic Server and WebLogic Express 8.1 SP

PrincipalValidators | Principals | privileges | attackers | properly | validate | multiple | WebLogic | derived | Express | earlier | Server | might | allow | which | gain | BEA | not | SP5 | SP4 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.


BEA WebLogic Server and WebLogic Express 8.1 SP

administrative | privileges | sometimes | cleartext | registry | password | WebLogic | Express | earlier | stores | Server | allow | might | which | users | local | gain | boot | SP4 | BEA | SP7 | SP6 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.


BEA WebLogic Server and WebLogic Express 8.1 SP

synchronization | multicast | sensitive | attackers | WebLogic | messages | sniffing | traffic | cluster | earlier | Express | encrypt | remote | Server | which | might | allow | read | BEA | not | SP5 | SP4 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.


BEA WebLogic Portal 8.1 through SP4 allows remo

deployment | descriptor | attackers | WebLogic | unknown | through | vectors | source | obtain | allows | remote | Portal | file | SP4 | BEA | via |

BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.


Microsoft Internet Explorer 5.01 SP4 on Windows

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls", which allows remote attackers to execute arbitrary code via a crafted COM object.


Unspecified vulnerability in the CTableCol::OnP

vulnerability | Unspecified |

Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."


Unspecified vulnerability in the mdsauth.dll CO

vulnerability | Unspecified | mdsauthdll | Microsoft | Explorer | Internet | Windows | object | Server | Media |

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."


Software vulnerabilities results 1 to 20 of 158     
Page: 12345...8