Lucene search
+L

1942 matches found

Cvelist
Cvelist
added 2007/07/27 10:0 p.m.27 views

CVE-2007-4040

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command...

9.2AI score0.13472EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/07/27 10:0 p.m.27 views

CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte %00 and shell metacharacters in a 1 mailto, 2 nntp, 3 news, 4 snews, or 5 telnet URI, a similar issue to CVE-2007-3670...

9.7AI score0.19655EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/07/27 10:0 p.m.26 views

CVE-2007-4042

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte %00 and shell metacharacters in a 1 mailto, 2 nntp, 3 news, 4 snews, or 5 telnet URI, a similar issue to CVE-2007-3670...

9.6AI score0.10324EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/07/27 10:0 p.m.34 views

CVE-2007-4038

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which...

9.2AI score0.01112EPSS
Exploits0References4
CVE
CVE
added 2007/07/27 10:0 p.m.67 views

CVE-2007-4039

Technical details for CVE-2007-4039 are not publicly provided in the connected documents. The initial description is the only source with general impact; monitor for updates from official advisories or vendor disclosures.

9.8CVSS8.2AI score0.02014EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/07/27 10:0 p.m.65 views

CVE-2007-4040

Technical details for CVE-2007-4040 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

8.8CVSS8.1AI score0.13472EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2007/07/24 5:0 p.m.63 views

CVE-2007-3954

Technical details for CVE-2007-3954 are not publicly available in the provided connected documents. The materials do not specify affected products, versions, impact, exploit status, or remediation. Monitor for updates and rely on official advisories for precise information.

4.3CVSS8AI score0.29355EPSS
Exploits3References2Affected Software2
Cvelist
Cvelist
added 2007/07/24 5:0 p.m.24 views

CVE-2007-3954

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are...

9.2AI score0.29355EPSS
Exploits3References2
Prion
Prion
added 2007/07/21 12:30 a.m.24 views

Cross site scripting

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the...

9.3CVSS8.6AI score0.29355EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2007/07/10 7:30 p.m.21 views

Cross site scripting

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a 1 FirefoxURL or 2 FirefoxHTM...

4.3CVSS8.4AI score0.29355EPSS
Exploits3References39Affected Software1
Prion
Prion
added 2007/03/16 9:19 p.m.25 views

Design/Logic Flaw

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames...

6.8CVSS6.9AI score0.04946EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2007/03/16 9:19 p.m.35 views

CVE-2007-1474

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames...

6.8CVSS6AI score0.04946EPSS
Exploits0References1
CVE
CVE
added 2007/03/16 9:0 p.m.64 views

CVE-2007-1474

CVE-2007-1474 affects Horde Project Horde and IMP prior to Horde Application Framework 3.1.4. The vulnerability is an argument injection flaw in the cleanup cron script that can let local users delete arbitrary files and potentially gain privileges by supplying multiple space-delimited pathnames....

6.8CVSS6.7AI score0.04946EPSS
Exploits0References9Affected Software2
Prion
Prion
added 2007/02/12 8:28 p.m.32 views

Design/Logic Flaw

Argument injection vulnerability in the telnet daemon in.telnetd in Solaris 10 and 11 SunOS 5.10 and 5.11 misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the...

10CVSS6.9AI score0.97848EPSS
Exploits13References19Affected Software2
CVE
CVE
added 2007/02/12 8:0 p.m.161 views

CVE-2007-0882

CVE-2007-0882 affects Sun Solaris in.telnetd (Solaris 10/11, SunOS 5.10/5.11). The vulnerability is an argument-injection flaw that misinterprets certain client "-f" sequences as login requests, enabling remote login bypass (e.g., to bin account) without authentication. Public exploit indications...

10CVSS6.6AI score0.97848EPSS
Exploits13References19Affected Software2
Positive Technologies
Positive Technologies
added 2007/02/12 12:0 a.m.2 views

PT-2007-2324

Name of the Vulnerable Software and Affected Versions: Solaris versions 10 and 11 Description: The issue concerns an argument injection vulnerability in the telnet daemon, where certain client sequences are misinterpreted as valid requests to skip authentication. This allows remote attackers to l...

10CVSS5.3AI score0.97848EPSS
Exploits13References26
NVD
NVD
added 2006/12/15 10:28 p.m.21 views

CVE-2006-6597

Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe...

6.8CVSS7.8AI score0.02606EPSS
Exploits0References5
CVE
CVE
added 2006/12/15 10:0 p.m.59 views

CVE-2006-6597

CVE-2006-6597 affects HyperAccess 8.4. An argument-injection vulnerability lets user-assisted remote attackers run arbitrary vbscript and commands via the /r option in a telnet:// URI configured to use hawin32.exe. The NVD entry assigns a CVSSv2 base score of 6.8 (Network, Medium complexity, no a...

6.8CVSS8.1AI score0.02606EPSS
Exploits0References5Affected Software1
Kaspersky
Kaspersky
added 2006/06/14 12:0 a.m.29 views

KLA11446 SB vulnerability in WinSCP

Argument injection vulnerability was found in WinSCP. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Older Versions Related products WinSCP CVE list CVE-2006-3015 high Solution Update to the latest version Download WinSCP Impacts SB Security...

7.1CVSS6.8AI score0.06453EPSS
Exploits1References3
Prion
Prion
added 2006/05/19 9:2 p.m.18 views

Design/Logic Flaw

Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5..78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches...

2.6CVSS7.2AI score0.04149EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder