73 matches found
Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it...
USN-503-1: Thunderbird vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it...
SeaMonkey < 1.1.4 Multiple Vulnerabilities
The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and...
Mozilla Foundation Security Advisory 2007-27
Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...
Unescaped URIs passed to external programs — Mozilla
Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as multiple arguments. The danger depends on the arguments supported by the...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities chpass, chfn, and chsh to update information in the user database, such as user name,...
CVE-2004-0850
Star before 1.5alpha46 does not drop the effective user ID euid before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program...
Shell metacharacters in Network Tool PHP (shell metacharacters)
Metacharacters are not filtered when calling an external program...
Hole in KW Whois (unparsed shell chars)
Calling an external program with a user-supplied string allows any application to be executed on the server...
CVE-1999-0817
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...
PT-1999-1371 · Lynx · Lynx
Name of the Vulnerable Software and Affected Versions: Lynx WWW client affected versions not specified Description: The issue allows a remote attacker to specify command-line parameters that Lynx uses when calling external programs to handle certain protocols, such as telnet. Recommendations: At...