1942 matches found
CVE-2007-4040
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command...
CVE-2007-4041
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte %00 and shell metacharacters in a 1 mailto, 2 nntp, 3 news, 4 snews, or 5 telnet URI, a similar issue to CVE-2007-3670...
CVE-2007-4042
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte %00 and shell metacharacters in a 1 mailto, 2 nntp, 3 news, 4 snews, or 5 telnet URI, a similar issue to CVE-2007-3670...
CVE-2007-4038
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which...
CVE-2007-4039
Technical details for CVE-2007-4039 are not publicly provided in the connected documents. The initial description is the only source with general impact; monitor for updates from official advisories or vendor disclosures.
CVE-2007-4040
Technical details for CVE-2007-4040 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2007-3954
Technical details for CVE-2007-3954 are not publicly available in the provided connected documents. The materials do not specify affected products, versions, impact, exploit status, or remediation. Monitor for updates and rely on official advisories for precise information.
CVE-2007-3954
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are...
Cross site scripting
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the...
Cross site scripting
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a 1 FirefoxURL or 2 FirefoxHTM...
Design/Logic Flaw
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames...
CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames...
CVE-2007-1474
CVE-2007-1474 affects Horde Project Horde and IMP prior to Horde Application Framework 3.1.4. The vulnerability is an argument injection flaw in the cleanup cron script that can let local users delete arbitrary files and potentially gain privileges by supplying multiple space-delimited pathnames....
Design/Logic Flaw
Argument injection vulnerability in the telnet daemon in.telnetd in Solaris 10 and 11 SunOS 5.10 and 5.11 misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the...
CVE-2007-0882
CVE-2007-0882 affects Sun Solaris in.telnetd (Solaris 10/11, SunOS 5.10/5.11). The vulnerability is an argument-injection flaw that misinterprets certain client "-f" sequences as login requests, enabling remote login bypass (e.g., to bin account) without authentication. Public exploit indications...
PT-2007-2324
Name of the Vulnerable Software and Affected Versions: Solaris versions 10 and 11 Description: The issue concerns an argument injection vulnerability in the telnet daemon, where certain client sequences are misinterpreted as valid requests to skip authentication. This allows remote attackers to l...
CVE-2006-6597
Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe...
CVE-2006-6597
CVE-2006-6597 affects HyperAccess 8.4. An argument-injection vulnerability lets user-assisted remote attackers run arbitrary vbscript and commands via the /r option in a telnet:// URI configured to use hawin32.exe. The NVD entry assigns a CVSSv2 base score of 6.8 (Network, Medium complexity, no a...
KLA11446 SB vulnerability in WinSCP
Argument injection vulnerability was found in WinSCP. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Older Versions Related products WinSCP CVE list CVE-2006-3015 high Solution Update to the latest version Download WinSCP Impacts SB Security...
Design/Logic Flaw
Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5..78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches...