35 matches found
The vulnerability of Novell ZENworks Patch Management’s update agent to PatchLink updates allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Novell ZENworks Patch Management’s update agent, when combined with the PatchLink client update, is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrit...
Blizzard Update Agent - JSON RPC DNS Rebinding Vulnerability
Exploit for windows platform in category local exploits All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates a...
Blizzard Update Agent - JSON RPC DNS Rebinding
All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates an JSON RPC server listening on localhost port 1120, and...
Blizzard Update Agent - JSON RPC DNS Rebinding
Blizzard Update Agent - JSON RPC DNS Rebinding All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates an JSON RP...
Lenovo company to inform the user as soon as the uninstall containing the vulnerability the software update program-vulnerability warning-the black bar safety net
! Recently,LenovoLenovo, said in a statement,they found that:before the launch of the software update program in the presence of security vulnerabilities. Due to the vulnerability within a short time can not be timely repair,so the requirements of the user as soon as possible in their use,install...
Vulnerability in Microsoft Security Essentials <v4.2
Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see https://support.microsoft.com/kb/2805304 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like https://support.microsoft.com/kb/2781197 alias...
RedHat Security Advisory RHSA-2009:1584
The remote host is missing updates to OpenJDK announced in advisory RHSA-2009:1584. For the details on the issues addressed in this update, please visit the referenced security advisories. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues...
RedHat Security Advisory RHSA-2009:1522
The remote host is missing updates announced in advisory RHSA-2009:1522. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: multiple, missing initialization flaws were found in the Linux kernel. Padding data in...
RedHat Security Advisory RHSA-2009:1193
The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1193. For details on the issues addressed in this update, please visit the referenced security advisories. Users should upgrade to these updated packages, which contain backported patches to correct these issue...
Trend Micro OfficeScan directory traversal
Directory traversal in update agent server part...
CVE-2008-1093
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
Design/Logic Flaw
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
CVE-2008-1093
The CVE-2008-1093 issue affects Acresso/Macrovision/InstallShield Update Agent (FLEXnet Connect) where Rule Scripts retrieved from GetRules.asp are not authenticated or encrypted, allowing a remote attacker to inject arbitrary VBScript and execute code on a vulnerable system. The root cause is in...
CVE-2008-1093
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY InstallShield Update Agent - Remote "Rule Script" Code Execution Vulnerability. OVERVIEW InstallShield Update Agent uses insecure methods of retrieving operational script code from unauthenticated, unverified external sources over HTTP...