144 matches found
OpenSSH < 3.6.1p2 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is ealier than 3.6.1p2. When compiled for the AIX operating system with a compiler other than that of the native AIX compiler, an error exists that can allow dynamic libraries in the current directory to be loaded before...
GTK+ may insecurely load dynamic libraries
Overview GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...
JVN#58019849: GTK+ may insecurely load dynamic libraries
GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact In an application that uses GTK+, arbitrary code may be executed with the privilege of that application. Solution Solution for...
Java Web Start may insecurely load dynamic libraries
Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...
JVN#18680611: Java Web Start may insecurely load dynamic libraries
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrar...
Lunascape may insecurely load dynamic libraries
Overview Lunascape may use unsafe methods for determining how to load DLLs. Lunascape is a web browser. Lunascape loads certain DLL's when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported...
GVim may insecurely load dynamic libraries
Overview GVim may use unsafe methods for determining how to load DLLs. GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this vulnerability t...
JVN#27868039: GVim may insecurely load dynamic libraries
GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update the...
Sleipnir and Grani may insecurely load dynamic libraries
Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...
JVN#50610528: Sleipnir and Grani may insecurely load dynamic libraries
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the...
JVN#48097065: TeraPad may insecurely load dynamic libraries
TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...
Lhaplus may insecurely load dynamic libraries
Overview Lhaplus may use unsafe methods for determining how to load DLLs. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely...
JVN#82752978: Lhaplus may insecurely load dynamic libraries
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with...
Qt Creator code execution
Dynamic libraries are loaded with relative path...
US-CERT Technical Cyber Security Alert TA10-238A -- Microsoft Windows Insecurely Loads Dynamic Libraries
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-238A Microsoft Windows Insecurely Loads Dynamic Libraries Original release date: August 26, 2010 Last revised: -- Source: US-CERT Systems Affected Any application running on the Microsoft...
Novell Privileged User Manager code execution
It's possible to load dynamic libraries including ones from network shares by user's request...
Apple MacOS X Xcode OpenBase SQL privilege escalation
On executing tar from suid root application TAROPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem...
Design/Logic Flaw
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle...
CVE-2006-1442
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle...
CVE-2006-1442
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle...