1464 matches found
Code injection
Unspecified vulnerability in Novell iManager before 2.7 SP1 2.7.1 allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors...
Solaris 9 (sparc) : 138536-01
Service Provisioning System 6.0: N1 SPS Webserver 7 Plug-in Patch. Date this patch was last updated by Sun : Jul/18/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Solaris 8 (sparc) : 138536-01
Service Provisioning System 6.0: N1 SPS Webserver 7 Plug-in Patch. Date this patch was last updated by Sun : Jul/18/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Sun ASP Server-vulnerability warning-the black bar safety net
iDefense yesterday to blast a bunch of Sun ASP Server vulnerabilities, the write scan plug-in when the way to Test it, to reproduce one of: http://ip:5100/caspsamp/shared/viewsource.asp?source=/caspsamp/../../../../etc/shadow It really is very powerful...
KLA10197 ACE vulnerability in IBM AFP Viewer plug-in
A buffer overflow was found in IBM AFP Viewer plug-in. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed property value. Original advisories - Related products IBM-AFP-Viewer-Plug-In CVE list...
Black Ice软件BiAnno.ocx控件远程栈溢出漏洞
BUGTRAQ ID: 29635 Annotation SDK/ActiveX是Black Ice图形工具包中的图形编辑插件。 Annotation SDK/ActiveX插件所安装的BiAnno Control ActiveX控件(BiAnno.ocx)在处理AnnoSaveToTiff函数参数时存在栈溢出漏洞,如果用户受骗访问了恶意网页并向该函数传送了超长参数的话,就可以触发这个溢出,导致执行任意指令。 Black Ice Annotation SDK/ActiveX Plug-In 10.9.5.0 临时解决方法:...
RHEL 5 : evolution (RHSA-2008:0514)
Updated evolution packages that fix two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environmen...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...
Code injection
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse...
CVE-2008-1638
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse...
CVE-2008-1638
CVE-2008-1638 affects Nik Sharpener Pro (possibly v2.0) where plug‑in files are world-writable. This enables local users to replace a plug‑in with a Trojan horse, potentially achieving privilege escalation. The provided sources confirm the vulnerability mechanism but do not specify affected build...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
CVE-2008-1192
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
CVE-2008-1192
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
acroread JavaScript Insecure Method Exposure
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...