43 matches found
Design/Logic Flaw
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating it...
DEBIAN-CVE-2019-13678
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
CVE-2014-6611
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigge...
Imera Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Imerahttp://www.imera.com Imera TeamLinks Clienthttp://teamlinks.imera.com/install.html What: ImeraIEPlugin.dll Version 1.0.2.54 Dated 12/02/2008 75CC8584-86D4-4A50-B976-AA72618322C6 http://teamlinks.imera.com/ImeraIEPlugin.cab How: This control ...
Imera ImeraIEPlugin - ActiveX Control Remote Code Execution
Imera ImeraIEPlugin - ActiveX Control Remote Code Execution Who: Imerahttp://www.imera.com Imera TeamLinks Clienthttp://teamlinks.imera.com/install.html What: ImeraIEPlugin.dll Version 1.0.2.54 Dated 12/02/2008 75CC8584-86D4-4A50-B976-AA72618322C6 http://teamlinks.imera.com/ImeraIEPlugin.cab How:...
Code injection
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
Input validation
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a 1 .xht or 2 .xhtm file, which does not trigger a "potentially unsafe" warning message in a the Download Validation feature in Mac OS X 10.4 or b th...
CVE-2008-2309
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a 1 .xht or 2 .xhtm file, which does not trigger a "potentially unsafe" warning message in a the Download Validation feature in Mac OS X 10.4 or b th...
Input validation
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an 1 Automator, 2 Help, 3 Safari, or 4 Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message...
CVE-2008-1032
Technical details about CVE-2008-1032 are not publicly available in the provided connected documents; monitor for updates.
Input validation
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...
CVE-2006-0395
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...
CVE-2006-0395
CVE-2006-0395 describes a vulnerability in Mail.app on Apple Mac OS X where Download Validation for attachments fails to recognize unsafe types. This allows user-assisted remote attackers to trigger arbitrary code execution via crafted attachments (AppleDouble/resource fork scenarios). The issue ...
CVE-2006-0395
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types...
CVE-2006-3504
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...
CVE-2006-3504
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...
CVE-2006-3504
CVE-2006-3504 affects Apple Mac OS X 10.4.7 where LaunchServices’ Download Validation can misclassify HTML as “safe.” If Safari’s “Open ‘safe’ files after downloading” is enabled, a downloaded HTML file could auto-open in a local context and allow embedded JavaScript to bypass local access restri...
Open redirect
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...
CVE-2006-1447
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...