update software vulnerabilities
vulnerabilities.aspcode.net
Searching update software vulnerabilities
NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly.
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with "EVERYONE FULL CONTROL" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll.
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contains vulnerabilities.
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 make it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
Software vulnerabilities results 1 to 20 of 164