JVN#04665167: XacRett may insecurely load executable files

XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of...

JVN#36921800: K2Editor may insecurely load executable files

K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...

JVN#88850043: Lhasa may insecurely load executable files

Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running...

Executables, Other Files Can Be Used in Attacks Similar to DLL-Hijacking

There are a number of other file types that can be used in the same kind of attacks that have been used in the DLL-hijacking exploit in recent weeks. Experts say that executable files, Windows INI files and some other file types can be used in these same attacks. The attack scenario would be...

Shadowserver Starts Free Binary-Checking Service

A non-profit group that tracks malicious activity online has just started a new free service that enables users to check executable files against a database of known good applications and to help determine whether a given file is malicious. The service, offered by the Shadowserver Foundation, is ...

Code injection

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

CVE-2008-4389

Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...

Authentication flaw

Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...

CVE-2008-4389

Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...

List executable and writable-executable Files, list path variable

List executable and writable-executable files, list path variable over an SSH Connection. Check for executable Files outside /usr/local/bin:/usr/bin:/bin:/usr/bin/X11: /usr/games:/sbin:/usr/sbin:/usr/local/sbin:, check for user write permission on valid executables. SPDX-FileCopyrightText: 2010...

SMB Remote Disk Scanning for Executable Files

Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network...

[DSecRG-09-053] VMware Remoute Console - format string

Digital Security Research Group DSecRG Advisory DSECRG-09-053 Application: VMware Remoute Console Version: e.x.p build-158248 Vendor URL: http://vmware.com Bugs: Format String Vulnerabilitys Exploits: YES PoC Reported: 07.08.2009 Vendor response: 13.08.2009 Date of Public Advisory: 09.04.2010 CVE...

JustSystems Ichitaro Products 'RTF' Buffer Overflow Vulnerability

This host is installed with JustSystems Ichitaro products and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodjustsystemsichitaroprdtsbofvuln.nasl 6515 2017-07-04 11:54:15Z cfischer $ JustSystems Ichitaro Products 'RTF' Buffer Overflow Vulnerability Authors: Madhu...

Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability

CVE:CVE-2009-3376 Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability. Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files. NOTE: This issue was previously covered in BID 36843 Mozilla...

[SECURITY] [DSA 2006-1] New sudo packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2006-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 02, 2010 http://www.debian.org/security/faq -...

DSA-2006-1 sudo - several vulnerabilities

Bulletin has no description...

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

Panda Global Protection / Panda Internet Security weak security permissions

Weak permissions for executable files...

Rising Multiple Products Local Privilege Escalation Vulnerability

ShineShadow Security Report 28102009-13 TITLE Rising Multiple Products Local Privilege Escalation Vulnerability BACKGROUND RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and...