1464 matches found

Cvelist
added 2004/10/16 4:00 a.m. · 27 views

CVE-2004-0843

Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."...

AI score: 7.6 · EPSS: 0.42845
Exploits: 0 · References: 11

Cvelist
added 2004/09/01 4:00 a.m. · 17 views

CVE-2002-0384

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code...

AI score: 7.7 · EPSS: 0.0611
Exploits: 0 · References: 9

Tenable Nessus
added 2004/07/31 12:00 a.m. · 23 views

Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)

Versions of Gaim, an AOL instant message client, prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the 'manual' browser command passes an untrusted string to the shell without reliable quoting or escaping...

CVSS: 7.5 · AI score: 6 · EPSS: 0.0611
Exploits: 1 · References: 3

Tenable Nessus
added 2004/07/06 12:00 a.m. · 29 views

RHEL 2.1 : gaim (RHSA-2002:122)

"Updated gaim packages are now available for Red Hat Linux Advanced Server. These updates fix a buffer overflow in the Jabber plug-in module. Gaim is an instant messaging client based on the published TOC protocol from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the Jabber...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.0611
Exploits: 0 · References: 4

Packet Storm
added 2004/02/17 12:00 a.m. · 22 views

sp-advisory-x10.txt

SP Research Labs Advisory x10 · KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow · Vendor Home Page: http://www.karja.com · Date Released - 2.16.2004 · Product Description from the...

Exploits: 0

NVD
added 2003/12/31 5:00 a.m. · 18 views

CVE-2003-1516

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.201 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.03109
Exploits: 1 · References: 2

NVD
added 2003/12/31 5:00 a.m. · 15 views

CVE-2003-1521

Sun Java Plug-In 1.4 through 1.4.202 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model...

CVSS: 6.4 · AI score: 6.7 · EPSS: 0.05534
Exploits: 1 · References: 2

Positive Technologies
added 2003/12/31 12:00 a.m. · 4 views

PT-2003-2174 · Oracle · Sdk +4

Name of the Vulnerable Software and Affected Versions: Java Secure Socket Extension JSSE in SDK and JRE versions 1.4.0 through 1.4.0 01 JSSE versions prior to 1.0.3 Java Plug-in SDK and JRE versions 1.3.0 through 1.4.1 Java Web Start versions 1.0 through 1.2 Description: The X509TrustManager in t...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.01293
Exploits: 0 · References: 14

Tenable Nessus
added 2003/06/17 12:00 a.m. · 16 views

Trend Micro Emanager Detection

The Trend Micro Emanager software resides on this server. %NASLMINLEVEL 70300 This script was written by John [email protected] See the Nessus Scripts License for details Changes by Tenable: - Removed CVE and bid, changed description 09/24/19 include'deprecatednasllevel.inc';...

AI score: 7
Exploits: 0 · References: 1

Cvelist
added 2003/04/02 5:00 a.m. · 14 views

CVE-2002-0685

Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message...

AI score: 7.3 · EPSS: 0.01316
Exploits: 0 · References: 7

Cvelist
added 2003/04/02 5:00 a.m. · 18 views

CVE-2002-0688

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

AI score: 6.7 · EPSS: 0.00602
Exploits: 0 · References: 5

CVE
added 2003/04/02 5:00 a.m. · 37 views

CVE-2002-0685

CVE-2002-0685 describes a heap-based buffer overflow in the message decoding function of the PGP Outlook Plug-in used by NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3. A remote attacker could trigger this via a large, malformed email message to modify the heap and ga...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.01316
Exploits: 0 · References: 7 · Affected Software: 3

NVD
added 2003/04/02 5:00 a.m. · 18 views

CVE-2002-0030

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe...

CVSS: 4.6 · AI score: 7.3 · EPSS: 0.00217
Exploits: 0 · References: 4

securityvulns
added 2003/01/28 12:00 a.m. · 93 views

Incorrect Certificate Validation in Java Secure Socket Extension

According to SUN it has been reported that: "the Java Secure Socket Extension JSSE may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions. The Java Plug-in and Java Web Start may incorrectly validate the...

AI score: 0.9
Exploits: 0

NVD
added 2002/12/31 5:00 a.m. · 11 views

CVE-2002-1696

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted...

CVSS: 5.5 · AI score: 5.4 · EPSS: 0.0008
Exploits: 0 · References: 3

NVD
added 2002/12/31 5:00 a.m. · 14 views

CVE-2002-1777

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus NAV 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is use...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.00214
Exploits: 0 · References: 4

Positive Technologies
added 2002/12/31 12:00 a.m. · 2 views

PT-2002-2498 · Symantec +1 · Symantec Norton Antivirus +1

Name of the Vulnerable Software and Affected Versions: Symantec Norton AntiVirus version 2002 Description: The issue allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.00214
Exploits: 0 · References: 8

Positive Technologies
added 2002/12/31 12:00 a.m. · 2 views

PT-2002-2499 · Symantec +1 · Symantec Norton Antivirus +1

Name of the Vulnerable Software and Affected Versions: Symantec Norton AntiVirus NAV version 2002 Description: The issue allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension, but a malicious extension in the Content-Disposition fiel...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00214
Exploits: 0 · References: 8

NVD
added 2002/10/04 4:00 a.m. · 20 views

CVE-2002-0384

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.0611
Exploits: 0 · References: 9

RedHat Linux
added 2002/08/02 1:50 p.m. · 4 views

Important: Red Hat Security Advisory: gaim security update

Updated gaim packages are now available for Red Hat Linux Advanced Server. These updates fix a buffer overflow in the Jabber plug-in module. Gaim is an instant messaging client based on the published TOC protocol from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the Jabber...

CVSS: 7.5 · AI score: 6 · EPSS: 0.0611
Exploits: 0 · References: 3