72 matches found
Open redirect
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce...
SUSE: Security Advisory (SUSE-SU-2015:1053-1)
The remote host is missing an update for the...
CVE-2020-22721
A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program...
Unrestricted file upload
A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program...
HackerOne: Private program disclosure via `vpn_suspended` GraphQL query
Summary: `vpn_suspended` of Team object got exposed Description: An attacker can get `vpn_suspended` value of any program including external program which also have private program eg. █████ and external program which does not have private program What an attacker can do with this? If an external...
CVE-2018-16084
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...
Design/Logic Flaw
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...
HackerOne: User object in GraphQL exposes number of trial reports for External Programs that also have a Private Program
Summary: For this vulnerability to work, it is necessary that you should be Admin/member of at least one sandbox team and running a GraphQL node can tell you if the external programs exist on directory page running a private program on hackerone or not...
cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
CVE-2008-3329
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...
Ubuntu Update for firefox vulnerabilities USN-493-1
Ubuntu Update for Linux kernel vulnerabilities USN-493-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4931.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-493-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu Update for mozilla-thunderbird vulnerabilities USN-503-1
Ubuntu Update for Linux kernel vulnerabilities USN-503-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5031.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mozilla-thunderbird vulnerabilities USN-503-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
openSUSE 10 Security Update : postfix (postfix-5603)
When executing external programs, postfix didn't close the file descriptor of the epoll system call. This could potentially be exploited to shut down postfix (CVE-2008-3889).
CVE-2008-3329
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...
Design/Logic Flaw
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...
CVE-2008-3329
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...
CVE-2008-3329
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...
CVE-2008-3329
The CVE-2008-3329 entry concerns the Links web browser (before 2.1). In “only proxies” mode, it reportedly allows a vulnerability related to passing URLs to external programs; impact is described as unknown in early sources. For Slackware, SSA:2008-210-04 updates packages to fix this issue. Other...
SuSE 10 Security Update : gvim and vim (ZYPP Patch Number 4821)
Vim allows opening content via external programs if the argument contains an 'http:' substring. It insecurely invoked external web browsers to fetch the remote content.
Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it...