233 matches found
Configuration Update Manager - Moderately critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-091
The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration. This...
The vulnerability of the Avira Management Console allows a hacker to execute arbitrary code.
The vulnerability of the Update Manager service in the Avira Management Console relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Avira Management Console Server HTTP Header Processing Heap Buffer Overflow
A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server...
Avira Management Console Memory Misreference Vulnerability
Avira Management Console provides centralized and effective control of Avira security components. A memory misreference vulnerability exists in the Avira Management Console's Update Manager service, which can be exploited by a remote attacker to execute arbitrary code...
CVE-2015-7303
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header...
Design/Logic Flaw
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header...
CVE-2015-7303
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header...
CVE-2015-7303
CVE-2015-7303 is a use-after-free in Avira Management Console's Update Manager service. By sending oversized HTTP headers, remote attackers can trigger memory reuse and execute arbitrary code, potentially with SYSTEM privileges; authentication is not required per ZDI-15-445. Multiple entries (NVD...
(0Day) Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP headers by the Update Manager service. By sending overly...
VMWare Update Manager 4 Directory Traversal
This modules exploits a directory traversal vulnerability in VMWare Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4. This module requires Metasploit: https://metasploit.com/download Current sourc...
VMware vSphere Update Manager Java Vulnerability (VMSA-2015-0003)
The version of VMware vSphere Update Manager installed on the remote Windows host is 5.0 prior to Update 3d, 5.1 prior to Update 3a, 5.5 prior to Update 2e, or 6.0 prior to 6.0.0a. It is, therefore, affected by a vulnerability related to the bundled version of Oracle JRE prior to 1.7.076. A flaw...
VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)
The version of VMware vCenter Update Manager installed on the remote Windows host is 5.1 prior to Update 3. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.6.081. C Tenable Network Security, Inc. include"compat.inc"; if description...
[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04302476 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04302476 Version: 1 HPSBMU03043 rev....
CVE-2014-2608
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors...
CVE-2014-2608
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors...
CVE-2014-2608
HP Smart Update Manager (SUM) for Windows (6.x, fixed in 6.4.1) and Linux (6.2.x–6.4.x, fixed in 6.4.1) is affected by CVE-2014-2608. The issue enables local disclosure of information and potential privilege escalation via unknown vectors. HP’s Security Bulletin HPSBMU03043 rev.1 notes the affect...
CVE-2014-2608
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors...
VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)
The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.055. C Tenable Network Security, Inc. include"compat.inc"; if description...
HP Smart Update Manager Detection
Binary data hpsumdetect.nbin...