537 matches found
CVE-2019-9197
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code...
CVE-2019-9197
Unity Editor 2018.3 is affected by CVE-2019-9197 via the com.unity3d.kharma protocol handler. A crafted com.unity3d.kharma URI can trigger remote code execution, with the attacker able to run code in the context of the current user. Exploitation requires user interaction (the target must visit a ...
Updated curl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...
EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2252)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.CVE-2019-5482 Note that Tenable Network Security has extracted the precedi...
Amazon Linux 2 : curl (ALAS-2019-1340)
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.CVE-2019-5481 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.CVE-2019-5482 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Lin...
Heap overflow
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...
CVE-2019-16305
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...
CVE-2019-16305
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...
Command injection
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...
CVE-2019-16305
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...
CVE-2019-16305
CVE-2019-16305 affects Mobatek MobaXterm 11.1 and 12.1. The protocol handler is vulnerable to command injection: a crafted MobaXterm protocol link prompts the user to run MobaXterm to handle the link, then prompts for further confirmation, enabling command execution (demonstrated via MobaXterm://...
CVE-2019-12805
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...
CVE-2019-12805
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...
Design/Logic Flaw
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...
CVE-2019-12805 NC Launcher 2 Arbitrary Command Injection Vulnerability
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This...
PT-2019-12955 · Cncsoft · Ncsoft Game Launcher +1
Name of the Vulnerable Software and Affected Versions: NCSOFT Game Launcher, NC Launcher2 versions 2.4.1.691 and earlier Description: The issue is related to a vulnerability in the custom protocol handler, which could allow a remote attacker to execute arbitrary commands. This requires user...
CVE-2019-11701
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting XSS attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.. This...
EA Origin Remote Code Execution
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
CVE-2019-11701
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting XSS attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.. This...
UBUNTU-CVE-2019-11701
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting XSS attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.. This...