1464 matches found
CVE-2001-0727
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."...
CVE-2000-0072
Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges...
CVE-2001-0727
Summary of CVE-2001-0727 (File Execution Vulnerability): Internet Explorer 6.0 on Windows is affected by a vulnerability in MIME header handling (Content-Disposition and Content-Type). An attacker can cause code execution by modifying headers to disguise downloaded content as safe, potentially t...
PHP-Address 0.2 e - Remote File Inclusion
source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the...
osCommerce 2.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the...
W-Agora 4.1.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/4977/info W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'incdir' variable found in a number of the W-Agora scripts defines the path to the configuration file. It is...
CVE-2002-0307
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the li...
Microsoft Internet Explorer 5.0.16.0 - Content-Disposition Handling File Execution
source: https://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web...
Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permits remote file inclusion. As a result, a remote attacker may include an arbitrary file located on a remote host. If this file is a PHP script, it...
AOL Instant Messenger 4.x - Arbitrary File Creation
source: https://www.securityfocus.com/bid/4526/info An issue has been reported, which could allow an AIM user to save files to arbitrary locations. Reportedly, this is achievable when a direct connection is made between two AIM users. Files that are sent to a user include an img tag and a data ta...
Oracle JSP Apache/Jserv Path Translation Arbitrary JSP File Execution
Detects Vulnerability in the execution of JSPs outside docroot. A potential security vulnerability has been discovered in Oracle JSP releases 1.0.x through 1.1.1 in Apache/Jserv. This vulnerability permits access to and execution of unintended JSP files outside the docroot in Apache/Jserv. For...
PHProjekt 3.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4284/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows...
Auto file execution vulnerability in Mac OS
http://homepage.mac.com/vmconverter/macautoexecvuln.html Overview: We found a vulnerability in Mac OS and Mac OS X with Classic Environment. If victims only browse a malicious web page; 1. Browsers automatically start downloading a compressed disc-image file...
php.windows.txt
Title 17/2/2002 PHP for Windows Arbitrary Files Execution GIF, MP3 Summary Through PHP.EXE, an attacker can cause PHP to interpret any file as a PHP file, even if its extensions are not PHP. This would enable the remote attacker to execute arbitrary commands, leading to a system compromise. Detai...
Macintosh IE file execution vulnerability
Problem: Malicious webmaster can execute files, if the victim is using Internet Explorer 5. Affected versions: IE 5.0, probably earlier, on Classic systems below OS X Description: If you know the file path you can execute whatever you want. What makes it difficult is that Macintosh hard drives have...
Apple Mac OS Internet Explorer 3/4/5 - File Execution
source: https://www.securityfocus.com/bid/3935/info A vulnerability has been discovered in MacOS systems running Internet Explorer 5.1 and earlier. MacOS X is not affected by this issue. File URLs may be used by a malicious webmaster to execute programs on a web user's local system. The exact pat...
[ALERT] Remote File Execution By Web or Mail: Internet Explorer
NOMEN NESCIO SECURITY ALERT 9000989 666 Topic: Remote File Execution By Web or Mail: Internet Explorer Severity: Critical Date: 2001-11-21 Affected Systems: Microsoft Internet Explorer 5.01 and 6.00 - Microsoft Windows 95 -...