JVN#68536660: Archive Decoder may insecurely load executable files

Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...

JVN#85599999: Explzh may insecurely load executable files

Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privile...

Design/Logic Flaw

Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer...

XSS in gopher parser when parsing hrefs — Mozilla

Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the...

Unsafe library loading vulnerabilities — Mozilla

Mozilla developer Ehsan Akhgari reported that a function used to load external libraries on Windows platforms was using a relative path to a DLL-loading application and was thus vulnerable to binary planting if an attacker was able to place an executable of the same name in the current working...

CVE-2010-2369

Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory...

Lhasa may insecurely load executable files

Overview Lhasa may use unsafe methods for determining how to load executables .exe. Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load...

JVN#18774708: Lhaplus may insecurely load executable files

Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

JVN#04665167: XacRett may insecurely load executable files

XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of...

JVN#36921800: K2Editor may insecurely load executable files

K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...

Code injection

Cisco Secure Desktop CSD, when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file...

CVE-2009-5008

Cisco Secure Desktop CSD, when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file...

CVE-2009-5008

Cisco Secure Desktop CSD, when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file...

CVE-2009-5008

Cisco Secure Desktop (CSD) together with an AnyConnect SSL VPN server is affected by CVE-2009-5008, where the component does not perform verification correctly, enabling local users to bypass policy restrictions via a modified executable file. Reports across multiple sources (NVD/Red Hat/CVE entr...

JVN#88850043: Lhasa may insecurely load executable files

Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running...

Lyris ListManager - MSDE Weak sa Password (Metasploit)

$Id: lyrislistmanagerweakpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Adobe Cautions Users About Installing Unofficial Reader Patch

Adobe is cautioning its users about installing an unofficial patch for the Reader CoolType.dll bug that was released on Wednesday, saying that although the patch appears to prevent the crash in Reader, installing it could have some unintended consequences. The Reader bug, which was disclosed...

Executables, Other Files Can Be Used in Attacks Similar to DLL-Hijacking

There are a number of other file types that can be used in the same kind of attacks that have been used in the DLL-hijacking exploit in recent weeks. Experts say that executable files, Windows INI files and some other file types can be used in these same attacks. The attack scenario would be...

New Email Worm Turns Back the Clock on Virus Attacks

There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending malicious emails to all of the names in a user’s email address book. As of Friday afternoon, the malicious files had been deleted from the remote server in the UK that was servi...

Mandriva Update for libgdiplus MDVSA-2010:166 (libgdiplus)

Check for the Version of libgdiplus OpenVAS Vulnerability Test Mandriva Update for libgdiplus MDVSA-2010:166 libgdiplus Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...