Lucene search
+L

43 matches found

Prion
Prion
added 2020/06/04 8:15 p.m.16 views

Design/Logic Flaw

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating it...

8.5CVSS7.3AI score0.0235EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/11/25 3:15 p.m.1 views

DEBIAN-CVE-2019-13678

Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

6.5CVSS6.8AI score0.00729EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/08/02 7:0 p.m.18 views

CVE-2015-0839

The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...

8.1AI score0.06296EPSS
Exploits0References7
NVD
NVD
added 2014/10/25 10:55 a.m.16 views

CVE-2014-6611

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigge...

4.3CVSS6.3AI score0.0099EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2009/03/03 12:0 a.m.37 views

Imera Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Imerahttp://www.imera.com Imera TeamLinks Clienthttp://teamlinks.imera.com/install.html What: ImeraIEPlugin.dll Version 1.0.2.54 Dated 12/02/2008 75CC8584-86D4-4A50-B976-AA72618322C6 http://teamlinks.imera.com/ImeraIEPlugin.cab How: This control ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/03/03 12:0 a.m.13 views

Imera ImeraIEPlugin - ActiveX Control Remote Code Execution

Imera ImeraIEPlugin - ActiveX Control Remote Code Execution Who: Imerahttp://www.imera.com Imera TeamLinks Clienthttp://teamlinks.imera.com/install.html What: ImeraIEPlugin.dll Version 1.0.2.54 Dated 12/02/2008 75CC8584-86D4-4A50-B976-AA72618322C6 http://teamlinks.imera.com/ImeraIEPlugin.cab How:...

0.5AI score
Exploits0
Prion
Prion
added 2009/01/20 4:30 p.m.22 views

Code injection

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

9.3CVSS7.9AI score0.37721EPSS
Exploits9References4Affected Software1
Prion
Prion
added 2008/07/01 6:41 p.m.18 views

Input validation

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a 1 .xht or 2 .xhtm file, which does not trigger a "potentially unsafe" warning message in a the Download Validation feature in Mac OS X 10.4 or b th...

6.8CVSS7.5AI score0.02554EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2008/07/01 6:0 p.m.26 views

CVE-2008-2309

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a 1 .xht or 2 .xhtm file, which does not trigger a "potentially unsafe" warning message in a the Download Validation feature in Mac OS X 10.4 or b th...

7.2AI score0.02554EPSS
Exploits1References7
Prion
Prion
added 2008/06/02 9:30 p.m.25 views

Input validation

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an 1 Automator, 2 Help, 3 Safari, or 4 Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message...

6.8CVSS7.5AI score0.04193EPSS
Exploits1References8Affected Software2
CVE
CVE
added 2008/06/02 2:0 p.m.70 views

CVE-2008-1032

Technical details about CVE-2008-1032 are not publicly available in the provided connected documents; monitor for updates.

6.8CVSS7.2AI score0.04193EPSS
Exploits1References8Affected Software2
Prion
Prion
added 2006/08/05 1:4 a.m.18 views

Input validation

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...

5.1CVSS7.8AI score0.54099EPSS
Exploits4References8Affected Software2
NVD
NVD
added 2006/08/05 1:4 a.m.29 views

CVE-2006-0395

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...

5.1CVSS7.4AI score0.54099EPSS
Exploits4References8
CVE
CVE
added 2006/08/05 1:0 a.m.60 views

CVE-2006-0395

CVE-2006-0395 describes a vulnerability in Mail.app on Apple Mac OS X where Download Validation for attachments fails to recognize unsafe types. This allows user-assisted remote attackers to trigger arbitrary code execution via crafted attachments (AppleDouble/resource fork scenarios). The issue ...

5.1CVSS7.5AI score0.54099EPSS
Exploits4References8Affected Software2
Cvelist
Cvelist
added 2006/08/05 1:0 a.m.30 views

CVE-2006-0395

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...

7.4AI score0.54099EPSS
Exploits4References8
NVD
NVD
added 2006/08/03 1:4 a.m.18 views

CVE-2006-3504

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...

5.1CVSS6.3AI score0.01491EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/08/03 1:0 a.m.22 views

CVE-2006-3504

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...

6.3AI score0.01491EPSS
Exploits1References7
CVE
CVE
added 2006/08/03 1:0 a.m.56 views

CVE-2006-3504

CVE-2006-3504 affects Apple Mac OS X 10.4.7 where LaunchServices’ Download Validation can misclassify HTML as “safe.” If Safari’s “Open ‘safe’ files after downloading” is enabled, a downloaded HTML file could auto-open in a local context and allow embedded JavaScript to bypass local access restri...

5.1CVSS6.3AI score0.01491EPSS
Exploits1References7Affected Software2
Prion
Prion
added 2006/05/12 9:2 p.m.17 views

Open redirect

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

5CVSS6.3AI score0.03071EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2006/05/12 9:2 p.m.15 views

CVE-2006-1447

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

5CVSS6AI score0.03071EPSS
Exploits0References8
Rows per page
Query Builder