1464 matches found
Code injection
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655...
Debian Security Advisory DSA 490-1 (zope)
The remote host is missing an update to zope announced via advisory DSA 490-1. OpenVAS Vulnerability Test $Id: deb4901.nasl 6616 2017-07-07 12:10:49Z cfischer $. Description: Auto-generated from advisory DSA 490-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...
Adobe Flash Player ActionScript launch command execution
Added: 01/07/2008. CVE: CVE-2008-5499. BID: 32896. OSVDB: 50796. Background: Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem: An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...
CVE-2007-6520
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins...
CVE-2007-6520
Opera before 9.25 contains multiple vulnerabilities (CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524) that enable cross-domain scripting via plug-ins, TLS certificate handling that could allow arbitrary code execution, and memory disclosure through BMP/file handling. The issues affect ...
CVE-2007-5856
CVE-2007-5856 affects Apple Mac OS X up to version 10.5.1 in Quick Look: when previewing HTML, plug-ins can initiate network requests, potentially leaking sensitive information. The NVD entry cites a CVSSv2 base score of 9.4 (HIGH) with network attack vector and no user interaction. OpenVAS refer...
CVE-2003-1516
The CVE-2003-1516 entry concerns the org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01. The flaw allows signed and unsigned applets to share variables, violating the Java security model and potentially enabling remote attackers to read or write data belonging to a sign...
CVE-2003-1516
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet...
CVE-2003-1521
CVE-2003-1521 affects Sun Java Plug-In 1.4–1.4.2_02. The issue enables remote attackers to repeatedly access the floppy drive via createXmlDocument in the org.apache.crimson.tree.XmlDocument class, violating the Java security model. The connected Red Hat and CVE records confirm the same descripti...
CVE-2003-1521
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model...
Winamp < 5.5 FLAC Plug-in Multiple Buffer Overflows
The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host contains a plug-in to handle playing FLAC files that contains several integer buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into...
CVE-2007-5275
CVE-2007-5275 is an Adobe Flash Player plug-in issue affecting Flash 9 where a Flash movie can remotely induce the victim to establish TCP sessions to arbitrary hosts due to DNS rebinding-like behavior and insufficient hostname-IP pinning after processing cross-domain policy (allow-access-from). ...
CVE-2007-4470
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...
Stack overflow
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...
Earth Resource Mapping NCSView ActiveX control stack buffer overflows
Overview: The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Earth Resource Mapping NCSView ActiveX control, which is provided by...
Code injection
The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' pipe shell metacharacter in the name of the song in a .mp3 file...
CVE-2007-4403
The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' pipe shell metacharacter in the name of the song in a .mp3 file...
SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln
No description provided by source. SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t...