7963 matches found
CVE-2006-2312
Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5..78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches...
CVE-2006-2465
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability...
DEBIAN-CVE-2006-2465
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability...
CVE-2006-2465
CVE-2006-2465 refers to a buffer overflow in MP3Info (notably versions around 0.8.4/0.8.5) that can be triggered by a long command-line argument. Several connected sources document a stack/SEH-based overflow and demonstrate that crafted input may lead to arbitrary code execution, highlighting loc...
CVE-2006-2465
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability...
FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)
An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in t...
Format string
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
CVE-2006-2230 affects xine-ui (the xine viewer UI) and is described as multiple format string vulnerabilities in xiTK/main.c of xine 0.99.4 that can cause a denial of service via a filename argument. Public references in Debian and OpenVAS advisories confirm a format-string issue exploitable loca...
Design/Logic Flaw
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...
Design/Logic Flaw
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...
Design/Logic Flaw
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary...
CVE-2006-2057
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...
Design/Logic Flaw
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...
CVE-2006-2058
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...
CVE-2006-2043
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "" backtick characters in the appliance's command line interface CLI...
CVE-2006-2058
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...