CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

Apple Safari 3 for Windows - Protocol Handler Command Injection

source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. Thi...

Safari for Windows, 0day URL protocol handler command injection

Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecti...

Multiple HyperAccess telnet / ssh terminal security vulnerabilities

Code execution with .HAW files and telnet: protocol handler...

Ubuntu 4.10 : gaim vulnerabilities (USN-85-1)

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. CAN-2005-0208, CAN-2005-0473 Another lack of sufficient input validation was found in the 'Oscar' protoc...

gaim security update

CentOS Errata and Security Advisory CESA-2005:627 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-August/074197.html https://lists.centos.org/pipermail/centos-announce/2005-August/074198.html...

FreeBSD : gaim -- MSN denial-of-service vulnerabilities (f2d6a5e1-26b9-11d9-9289-000c41e2cdad)

The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler : After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of...

CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...

Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection

source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the...

Mozilla 1.7 - External Protocol Handler

Mozilla 1.7 - External Protocol Handler source: https://www.securityfocus.com/bid/10681/info Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the...

MacOS X browsers files overwriting and scripts execution (multiple bugs)

By using vulnerability in telnet: protocol handling it's possible to add -f option to telnet command line. help: protocol handler allows scripts execution via help: command...

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

CVE-2004-0380

The CVE-2004-0380 issue affects the MHTML URL Processing Vulnerability in Microsoft Outlook Express 5.5 SP2 through 6 SP1, rooted in the MHTML/ITS handling and cross-domain logic. A remote attacker could cause HTML/CHM content to execute arbitrary code in the Local Machine Zone by exploiting ITS,...