1464 matches found
RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution
source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of cookie-based authentication credential...
Microsoft Internet Explorer 6 - %USERPROFILE% File Execution
source: https://www.securityfocus.com/bid/7826/info Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory or possibly other directories in a user's...
Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution
source: https://www.securityfocus.com/bid/7826/info Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory or possibly other directories in a user's profile. It is possible to exploit this issue via a maliciou...
Restricted Zone: the OUTLOOK EXPRESS
Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...
WsMp3 Daemon (WsMp3d) HTTP Traversal Arbitrary File Execution/Access
The remote host is using wsmp3d, an MP3 streaming web server. There is a flaw in this server that allows anyone to execute arbitrary commands and read arbitrary files with the privileges this server is running with. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(1164...
Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
Systems Affected: Internet Explorer 6.0.2800 (6.x?) Remotely exploitable: Yes Author: Marek Bialoglowy System Integra - [email protected] Attached files: dmz2.rar (archive password: zones) Note: This is part of my research and the purpose of this post is to consult results and potential...
Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be...
Microsoft Windows Media Player 7.1 - Skin File Code Execution
source: https://www.securityfocus.com/bid/7517/info Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This...
Bea Weblogic multiple bugs
It's possible to download, upload and execute any file...
GTCatalog 0.8.16/0.9 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6998/info GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user supplied data. Under some...
Typo3 3.5 b5 - Translations.php Remote File Inclusion
source: https://www.securityfocus.com/bid/6984/info TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on...
GONiCUS System Administrator 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6922/info GONiCUS System Administrator is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in several PHP pages existing in the /plugins and /includes folders. By crafting specific URI...
Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...
S8Forum 3.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. The contents of this file will be the data entered by the user. As a result, a malicious...
N/X Web Content Management System 2002 Prerelease 1 - 'menu.inc.php?c_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
AIM 4.8.2790 remote file execution vulnerability
Description: AOL Instant Messenger version 4.8.2790 will execute programs when a user clicks on a not-so-specially crafted hypertext link. Versions affected: AOL Instant Messenger 4.8.2790. 4.7.2480 is not vulnerable and neither is 5.0.2938. This bug was confirmed on both Windows 2000 and Windows...
AOL Instant Messenger 4.8.2790 - Local File Execution
source: https://www.securityfocus.com/bid/6027/info AOL Instant Messenger (AIM) is prone to an issue which may allow attackers to execute arbitrary files on the client system. It is possible to send a malicious link which references local files ...
AOL Instant Messenger 4.8.2790 - Local File Execution
source: https://www.securityfocus.com/bid/6027/info AOL Instant Messenger (AIM) is prone to an issue which may allow attackers to execute arbitrary files on the client system. It is possible to send a malicious link which references local files to a user of the client. When the link is visited, the...
wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002)
Westpoint Security Advisory Title: Carello 1.3 Remote File Execution Risk Rating: High Software: Carello Shopping Cart Platforms: Win2k, WinNT Vendor URL: www.carelloweb.com Author: Matt Moore [email protected] Date: 10th July 2002 Advisory ID: wp-02-0012 Revision: Updated 22/02/2002 see...
wp-02-0012: Carello 1.3 Remote File Execution
Westpoint Security Advisory Title: Carello 1.3 Remote File Execution Risk Rating: Medium Software: Carello Shopping Cart Platforms: Win2k, WinNT Vendor URL: www.carelloweb.com Author: Matt Moore [email protected] Date: 10th July 2002 Advisory ID: wp-02-0012 Overview: ========= Carello 1.3 is ...