7963 matches found
CVE-2006-2057
The CVE-2006-2057 issue affects Mozilla Firefox 1.0.6. It describes an argument injection vulnerability where user-assisted attackers could alter command line arguments of an invoked mail client via double-quote characters in a mailto: handler, demonstrated by launching Outlook with an arbitrary ...
CVE-2006-2058
The CVE describes an argument-injection vulnerability in Avant Browser 10.1 Build 17 where user-supplied input in a mailto: link can modify the command line arguments passed to an invoked mail client (e.g., launching Outlook with a crafted filename attachment). The issue is triggered by untrusted...
CVE-2006-2055
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...
CVE-2006-2056
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary...
CVE-2006-2056
CVE-2006-2056 affects Internet Explorer 6 on Windows XP SP2. The vuln is an argument-injection flaw where an attacker can influence command line arguments passed to a launched mail client via double-quote characters in a mailto: handler, demonstrated by starting Outlook with an arbitrary attachme...
beagle insecure command line construction
CESA-2006-002 - rev 1 See all my vulnerabilities at http://scary.beasts.org/security beagle insecure command line construction Programs affected: beagle-0.2.4 and older. Severity: Command line argument injection to helper applications. Fixed: beagle-0.2.5 CVE identifiers: CVE-2006-1865 beagle is ...
PT-2006-3037 · Microsoft · Outlook +2
Name of the Vulnerable Software and Affected Versions: Internet Explorer 6 for Windows XP SP2 Description: The issue allows remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler. This can be demonstrated by launching...
Multiple CiscoWorks Wireless LAN LAN Solution Engine / Cisco User Registration Tool / Cisco Hosting Solution Engine security vulnerabilities
Crossite scripting, command line escape...
Sniffit 0.3.7 FOR NT installation and examples-vulnerabilities-warning-the black bar safety net
Sniffit 0.3.7 launched the NT version, also support WINDOWS2000, I want to hurry to try, because I A friend wanted to install Netxray 3. 0 3 in WIN2K 2000BETA3 equipped not, is probably not supported by WIN2K. So see SNIFFIT NT version I this morning to pull it down. This sniffit need WinPcap...
CVE-2005-4761
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information passwords or keyphrases in the server log file when the -D option is used...
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1012-1 [email protected] http://www.debian.org/security/ Martin Schulze March 21st, 2006 http://www.debian.org/security/faq -...
CVE-2006-0745
X.Org server xorg-server 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and 1 execute arbitrary code via the -modulepath command line optio...
DSA-1012-1 unzip - buffer overflow
Bulletin has no description...
Fedora Core 5 : xorg-x11-server-1.0.1-9 (2006-172)
Coverity scanned the X.Org source code for problems and reported their findings to the X.Org development team. Upon analysis, Alan Coopersmith, a member of the X.Org development team, noticed a couple of serious security issues in the findings. In particular, the Xorg server can be exploited for...
CVE-2006-1269
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited,...
Buffer overflow
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited,...
Ubuntu 4.10 / 5.04 / 5.10 : imagemagick vulnerabilities (USN-246-1)
Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands CVE-2005-4601. Daniel Kobras found a format string vulnerability in the SetImageInfo function CVE-2006-0082. By tricking a user into processing an image file with a specially crafted fi...
Firebird 1.5 - Inet_Server Local Buffer Overflow
Firebird 1.5 - InetServer Local Buffer Overflow source: https://www.securityfocus.com/bid/17077/info Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before...
Analysis from Autorun. inf file of the attack-vulnerability warning-the black bar safety net
Recently the popular online via the AutoRun. inf file so that the each other all the hard drive completely shared, or in the Trojan horse method, since the AutoRun. inf files in hack technology the application is still very rare, the corresponding data is not much, there are a lot of people feel...
Buffer overflow
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via 1 a long command line argument and 2 a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...