1464 matches found
Microsoft Internet Explorer 'boundElements' Use-After-Free Error Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected: Avaya Aura...
Outlook ATTACH_BY_REF_RESOLVE File Execution
$Id: ms10045outlookrefresolve.rb 9925 2010-07-25 16:04:22Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Outlook ATTACH_BY_REF_ONLY File Execution
$Id: ms10045outlookrefonly.rb 9926 2010-07-25 17:31:04Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Outlook ATTACH_BY_REF_ONLY File Execution
It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double...
Outlook ATTACH_BY_REF_RESOLVE File Execution
It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double...
Outlook PR_ATTACH_METHOD file execution vulnerability
Outlook PR_ATTACH_METHOD file execution vulnerability. Yorick Koster, October 2009...
Fedora 12 : xinha-0.96.1-1.fc12 (2010-9260)
Name: CVE-2010-1916 URL: https://vulners.com/cve/CVE-2009-1916 Assigned: 20100511 Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html Reference: MISC:...
Phreebooks 2.0 - Local File Inclusion
Phreebooks 2.0 - Local File Inclusion Advisory Name: Local File Inclusion in Phreebooks v2.0 Internal Cybsec Advisory Id: Vulnerability Class: Local File Inclusion Release Date: 2010-05-26 Affected Applications: Phreebooks v2.0 Affected Platforms: Any running Phreebooks v2.0 Local / Remote: Remot...
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...
Microsoft Windows Vista Windows Mail File Execution (MS07-034; CVE-2007-1658)
Microsoft Windows Mail product is an implementation of an email and newsgroup client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and formats. It is the successor to Outlook Express and is included in recent versions of Microsoft Windows...
Energizer DUO USB battery charger software allows unauthorized remote system access
Overview: The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. Description: Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been...
CVE-2010-0680
CVE-2010-0680 - ZeusCMS 0.2: A directory traversal in index.php allows remote attackers to include and execute arbitrary local files via the page parameter. This can impact confidentiality, integrity, and availability (CVSS v2 base score 7.5). Affected product/version: ZeusCMS 0.2. Connected reco...
CVE-2010-0157
CVE-2010-0157 is a Local File Inclusion (directory traversal) vulnerability in the Joomla! Bible Study component (com_biblestudy) version 6.1. An attacker can craft a .. in the controller parameter of studieslist to index.php to cause arbitrary local file inclusion, potentially enabling remote co...
CVE-2009-4435
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php...
[ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored ============================================= I. VULNERABILITY...
CVE-2009-4211
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain...
Code injection
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain...
Directory traversal
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter...
Design/Logic Flaw
Incomplete blacklist vulnerability in browser/download/downloadexe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are...
Directory traversal
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a U...